Banking regulator warns major cyber breaches are 'probably inevitable' | SMH

Cybercrime is a growing industry and the finance sector is regarded a key target. Despite the growing threat and inevitability of an attack, APRA says there are still financial institutions that have not tested how they would cope with a cyber attack.

In response to the growing threat of a cyber attack, APRA on Wednesday released its first prudential standard on information security (still in draft format), which will set minimum standards for how the sector handles cyber risks.

Institutions will be required to undertake regular testing of their cyber defences, have robust systems in place to detect threats, and set out which senior staff are responsible for cyber security. The discussion paper can be found here.

"Implementing legally binding minimum standards on information security is aimed at increasing the safety of the data Australians entrust to their financial institutions and enhance overall system stability," Mr Summerhayes said.

News item, Emerging RisksPatricia Scheltus13 March 20182018, March

NYSE To Pay $14 Million Penalty For 'Multiple Violations' & Misrepresenting Stock Prices | Forbes

New York stock exchange penalised for violating their disaster recovery and business continuity requirements ...

News item, Workplace Recovery, Regulatory CompliancePatricia Scheltus8 March 2018March, 2018

VPN downtime encourages organizations to allow unsecure network use | Continuity Central

A study by OneLogin has found that UK businesses who provide their employees with the benefit of remote working are struggling to find a balance between productivity and security. In fact, over half of remote workers spend up to one day per week connected to unsecured networks thereby leaving organizations open to greater risk of cyber attacks. Read more

News itemPatricia Scheltus8 March 20182018, March

Unprepared for data breach notification laws? Here's what you need to do if things go wrong | AFR

Experts are reporting that thousands of Australian businesses aren't ready to comply with the data breach mandatory notification law that kicked in from February 22. Research by cyber security specialists CyberArk concluded that as many as 44 per cent of enterprises aren't up to speed, and other security professionals are queuing up to echo the sentiment.

The new law is simple enough in principle. It's compliance in practice that will cause headaches.

If your organisation is covered by the Privacy Act, and you have other people's personal information in your care, and it ends up somewhere or with someone it shouldn't, there's a clock ticking.

News item, Regulatory CompliancePatricia Scheltus2 March 20182018, March

Global Risks Report 2018 | WEF

The WEF met at Davos this year and the Global Risks Report 2018 was published. Seven out of eight risks in the top right quadrant are climate change related (see below)! Is it time to start addressing these risks in our business continuity plans? The full report can be found here.

Patricia Scheltus26 February 20182018, February

BCI Horizon Scan Report 2018

Every year, the BCI in association with BSI, produces the Horizon Scan Report to track near-term threats to organisations across industry sectors globally. The study measures concerns over specific threats as reported by business continuity and resilience professionals.

The report also considers disruption caused by these threats, offering a basis of comparison between the level of perceived concern and actual incidents. You can download the report here

News itemPatricia Scheltus26 February 20182018, February

Importance of Business Continuity Planning | Continuity Central

COMSAT, the US-based satellite connectivity provider, demonstrated the power of business continuity planning after a company facility was threatened by the recent wildfires in California.

The Thomas Fire, reported to be the largest in California state history, presented a very real threat to the day-to-day operations of the Santa Paula multi-purpose teleport facility. Owing to the preparedness of COMSAT and its local team, an efficient, well-planned contingency strategy ensured that the teleport continued serving its global network without interruption, despite the proximity of intense flames. More

News itemPatricia Scheltus26 February 20182018, February

What's in the fine print of your disaster recovery vendor agreement? | Network World

Disaster-recovery solutions require several complex, moving parts coordinated between your production site and the recovery site. Service-level agreements are ultimately the most accurate way to determine where responsibility is held for disaster-recovery process and execution. It’s important to have SLA documentation around these critical aspects of recovery so that customers have commitments from their vendor. I’s also important that a service provider’s agreements contain service-credit backed SLAs for additional accountability. Read more

News itemPatricia Scheltus29 November 20172017, November

Did cloud kill backup? | Network World

With enterprises rapidly adopting hybrid and multi-cloud infrastructure and migrating traditional workloads to the cloud, distributed architectures have become de-facto standard, but traditional backup and recovery strategies have not kept pace. A new cloud-first approach to data protection is required. Read more

News itemPatricia Scheltus27 November 20172017, November

Data breach hits Department of Social Services credit card system | The Guardian

The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached.

In letters sent in early November the department alerted the employees to “a data compromise relating to staff profiles within the department’s credit card management system prior to 2016”.

Compromised data includes credit card information, employees’ names, user names, work phone numbers, work emails, system passwords, Australian government services number, public service classification and organisation unit. Read more

News itemPatricia Scheltus24 November 20172017, November

5 rules for smarter cyber communications | CSO

With the Equifax data breach continuing to make headlines, we're seeing yet further proof that the way you communicate in the aftermath of an incident plays a significant role in determining its ultimate impact. Executives responsible for cybersecurity need to understand how a good cyber communications function works, and they need to make it a regular part of any conversation related to information security or risk management. Read more

News item, Crisis CommunicationsPatricia Scheltus24 November 20172017, November

Workplace Recovery Report 2016 | The BCI and Regus

If adverse weather or system failures mean the workplace is no longer usable, where do employees go to continue working? Whether the incident only affects the organization's facilities or it’s area wide, there should be clear arrangements in place.

This report, in association with Regus, gathers responses from 914 respondents across 78 countries. It looks at how many organizations have workplace recovery arrangements in place, what those are, and how well informed the employees are on how it affects them.

Workplace RecoveryPatricia Scheltus22 November 20172017, November

TCFD Recommendations | Financial Services Board

One of the essential functions of financial markets is to price risk to support informed, efficient capital-allocation decisions. Accurate and timely disclosure of current and past operating and financial results is fundamental to this function, but it is increasingly important to understand the governance and risk management context in which financial results are achieved.

The financial crisis of 2007-2008 was an important reminder of the repercussions that weak corporate governance and risk management practices can have on asset values. This has resulted in increased demand for transparency from organisations on their governance structures, strategies, and risk management practices. Without the right information, investors and others may incorrectly price or value assets, leading to a misallocation of capital. More

Patricia Scheltus22 November 20172017, November

Horizon Scan 2017 | The BCI

Threats. Disruptions. Trends. There’s a lot to consider when putting together a business continuity plan. But what are the biggest risks facing your organization right now? Are we all worrying about the right things?

The Horizon Scan Report 2017 answers these questions and more. Created in association with BSI, it reflects the views of business continuity professionals in 726 organizations across 79 countries. Now in its sixth year, the report delivers insight that helps organizations plan for any challenging conditions coming their way, and to thrive in the long-term.

Emerging RisksPatricia Scheltus22 November 20172017, November