Archive for the ‘business continuity’ Category
IBM Study: Business More Likely To Pay Ransomware Than Consumers
IBM Security has announced results from a study finding 70 percent of businesses infected with ransomware have paid ransom to regain access to business data and systems.
In comparison, over 50 percent of consumers surveyed said they would not pay to regain access back to personal data or devices aside from financial data.
For those not familiar with the practice, ransomeware is an extortion technique used by cybercriminals where data on computers and other devices is encrypted and held for ransom until a specified amount of money is paid.
The IBM X-Force Study, “Ransomware: How Consumers and Businesses Value Their Data’ surveyed 600 business leaders and more than 1,000 consumers in the U.S. to determine the value placed on different types of data.
Key findings from the survey:
- While over half of consumers surveyed initially indicated they would not pay the ransom, when asked about specific data types, 54 percent indicated they would likely pay to get financial data back
- More than half (55 percent) of parents surveyed would be willing to pay for access to digital family photos vs. 39 percent of respondents without children
Businesses Held For Ransom Likely To Pay
Nearly one in two business executives surveyed have experienced ransomware attacks in the workplace. The study found 70 percent of these executives said their company has paid to resolve the attack, with half of those paying over $10,000 and 20 percent paying over $40,000.
Nearly 60 percent of all business executives indicated they would be willing to pay ransom to recover data. Data types they were willing to pay to recover included financial records, customer records, intellectual property, and business plans.
Overall, 25 percent of business executives said, depending upon the data type, they would be willing to pay between $20,000 and $50,000 to get access back to data.
As for small businesses, well, they remain a ripe target. Only 29 percent of small businesses surveyed have experience with ransomware attacks compared to 57 percent of medium-sized businesses. While cybercriminals may not view these businesses as offering a big payday, a lack of training on workplace IT security best practices can make them vulnerable. The study found that only 30 percent of small businesses surveyed offer security training to their employees, compared to 58 percent of larger companies.
Preparing For And Responding To Ransomware
Preparing for and Responding to Ransomware
With the financial returns on ransomware growing north of a $1 billion for cybercriminals, IBM anticipates it and other extortion schemes will continue to grow. ‘
Both businesses and consumers can take some steps to help defend themselves from ransomware. IBM X-Force experts recommends the following tips to protect yourself and your business:
- Be vigilant. If an email looks too good to be true, it probably is. Be cautious when opening attachments and clicking links.
- Backup your data. Plan and maintain regular backup routines. Ensure the backups are secure, and not constantly connected or mapped to the live network.
- Disable macros. Document macros have been a common infection vector for ransomware in 2016. Macros from email and documents should be disabled by default to avoid infection.
- Patch and purge. Maintain regular software updates for all devices, including operating systems and applications. Update any software you use often and delete applications you rarely access.
For additional tips and details on the survey findings, you can download the full report at: https://ibm.biz/RansomwareReport.
In addition, Resilient, an IBM Company, today announced an industry-first Dynamic Playbook to help organizations respond to ransomware and other complex attacks. Resilient Dynamic Playbooks orchestrate response in real-time, adapting the actions organizations need to take in response to cyberattacks as they unfold.
If you are a victim of ransomware, the FBI and other law enforcement agencies advise victims to avoid paying a ransom to cybercriminals. They do recommend you report a cybercrime, including becoming the victim of ransomware to the appropriate authorities:
- In the U.S. report via the FBI’s Internet Crime Complaint Center (IC3): https://www.ic3.gov/default.aspx
- In Europe report via Europol’s Cybercrime Reporting website: https://www.europol.europa.eu/report-a-crime/report-cybercrime-online
Sandy’s Data Center Impact
Well, I sat and watched the coverage of Superstorm Sandy last night, flipping between the major cable news networks and The Weather Channel, and also trying to keep up with my northeast friends via Facebook and Twitter.
You could almost mirror match the power outages with the suddenly disappearing Facebook and Twitter streams, as one friend after another dropped from the social radar screen.
Having lived in New York City and its surroundings for the better part of eight years of my life, I was completely sympathetic to their plight, and quite frankly, astonished at some of the images I was witnessing.
I’ve been out doing some research to try and understand the negative IT impact, and it didn’t take long.
This story indicated that the flooding had hobbled two data center buildings in Lower Manhattan, mainly because it took out diesel pumps (located in basements) that were needed to refuel generators.
Datagram’s 33 Whitehall basement was also inundated, taking out some major Web sites, including Gawker, Gizmodo, Buzzfeed, The Huffington Post, and Media. The attached screenshot demonstrates the message I tried going there just this morning.
Ars Technica also had a post detailing some of the outages, in which they suggested that “customers relying on hosting providers and cloud services may want to build systems that can fail over across multiple regions,” but that “even the most extensive preparations may not be enough to stay online in the face of a storm like Hurricane Sandy.”‘
IBM’s own Business Continuity Services had this message for IBM clients posted on its home page overnight:
The IBM Business Continuity and Resiliency team is monitoring the status of Hurricane Sandy and has activated our Emergency Operations Center to ensure we are prepared to assist our customers throughout the storm. Our delivery teams are assembled in BCRS recovery centers in Sterling Forest, NY, Gaithersburg, MD and Boulder CO and all facilities are secure and ready to support all client declarations. We are proactively assessing the potential impact to our customers who are projected to be in the path of the storm, and our delivery program management team will provide regular updates to our clients as the storm progresses, and will be available to respond to any questions throughout the week. If you need to call IBM to place us on alert, or to declare a disaster, please call 1-877-IBM-REC1 (877-426-7321)
Singapore Sling
Resorts World Sentosa in Singapore will play host to a new, first-of-its-kind IT event in Singapore this October 9-11, where smart businesses from around the globe that have been busy implementing new business and IT strategies will come together to network with IBM clients, industry experts, and IBM thought leaders and learn how they’re converting opportunity into outcomes.
It was a big day today in Singapore, where the country celebrated its independence, and where government leaders encouraged Singaporeans to make even more Singaporeans, in order to counter the country’s declining birthrate, which is among the lowest in the world at 7.72 births per 1,000 people.
I’m sure a few Singapore Slings may have been consumed, and I would have been right there with them, as the Raffles Hotel is definitely on my list of places to frequent for when I visit.
And that will be sooner rather than later, as IBM is going to be hosting a new, first-of-its-kind event at the Resorts World Sentosa this October 9th-11th.
This new IBM event will share with attendees the breadth of IBM’s integrated software and systems solutions capabilities, and demonstrate IBM’s strategic perspective on becoming a smarter busienss that excels in turning opportunity into outcomes in this new era of computing.
At the event, IBM will focus discussions on a variety of key “hot topics,” including those focused on speeding innovation with mobile computing, defending against cyber-threats with security intelligence, rethinking IT with cloud computing, and a host of others.
If you’re game, but need some compelling reasons to convince your boss to send you to Singapore, here’s a starter list:
- Networking. You’ll have the opportunity in Singapore to network with peers, industry experts, and IBM thought leaders from around the globe, including IBM customers already collaborating to better align business and technology investments.
- Learning. You’ll have the opportunity to learn from experts in our Solution Center, as well as through a personalized agenda of keynote session, “Hot Topic” sessions, and Exchange sessions built around your business interests.
- Delivering New Value. At IBM Interconnect, you’ll become one of the first to learn how to manage the velocity of change from real world examples of business delivering new value to the people they serve.
- Unleashing Innovation. You’ll also have the opportunity to begin to understand the new economics of IT, and how to use technology as the catalyst for unleashing innovation in your organization.
- Uncovering New Markets. And finally, in an environment where most every organization is looking for new customers in new markets, you’ll have the opportunity to start to develop a clear plan of how you can reinvent relationships with yoru customers and workforce and, in turn, start to uncover those new markets.
Changing With The Changing Times
Rapid change has become the new normal, as entire industries are now transforming to deliver compelling new value to their customers. In this era of interconnected industries, businesses and consumers, a new kind of leadership is required to turn opportunity into business outcomes.
Smarter businesses are capitalizing on information as an indispensable resource and using technology as the catalyst for unleashing innovation. They are expanding the digital world of the back-office into the front-office and the corresponding business infrastructures that are at the heart of business leadership and operations; the key interconnection points among consumers, business partners and employees.
Take advantage of this opportunity to develop a personalized agenda around your business needs, collaborate with business decision-making peers, and meet face-to-face with technical decision-makers and industry experts.
You can start by first going here to register, then heading on over to the Session Preview Tool to start scanning the sessions to make sure you get the most out of your visit.
If you’ve never visited Singapore, I can’t recommend it highly enough. It’s like visiting a future that has already arrived, and in the meantime, you’ll have the opportunity to attend an IBM event that’s intended to help you create a future looming just over the horizon.
The Blackout In India
To my friends in India, I hope you’re fairly weathering your blackout.
I was just reading through some BBC coverage which has reporters spread across northern India, including Utter Pradesh, Delhi, Rajasthan, and West Bengal.
The report suggests Calcutta was not as badly affected as other regions, because it has a private electricity board, but that power went out across the rest of West Bengal state.
Thus far, coverage suggests the power breakdowns in India are mainly in the north, the east, and the northeast, and that about 600 million people have been in affected in over 20 Indian states.
To put that in perspective for those of us here in the west, that would be like the power going out across all of the U.S. and all of the United Kingdom, at once.
Yes, just imagine that.
Obviously, there will be lots of fingerpointing until an investigation can get to the bottom of this, but in the meantime it demonstrates once again how fragile infrastructure can be, in both emerging and advanced economies.
In the Northeast blackout of 2003 here in the U.S., some 55 million U.S and Canadian citizens were impacted and some left without power for up to 16 hours.
Though there was no major civil unrest during that particular blackout, one need simply just read the Wikipedia entry of that event to remember how many “systems” were impacted: everything from transportation to healthcare to water supply.
In India, telecommunications are being particularly hard hit in this outage, because so many people there depend on mobile phone service for their communications. Even if the cell towers have backup generators, many folks in rural India have no alternative method of recharging their cell phones once that primary charge dissipates.
Also, business process outsourcing companies such as Wipro, Genpact, WNS and others have “kicked in business continuity plans” to ensure continuity of services to global clients. Thus far, The Hindu Business Line is reporting that the IT-BPO industry, which accounts for over 7% of Indian GDP, are running their operations at centers in the north and eastern India using backup generators running on diesel.
The Wall Street Journal India has an “IndiaRealTime” blog where you can follow the latest on the India power outage.
Managing & Mitigating Risk: The 2011 IBM Global Business Risk & Resilience Survey
Once again, IBM has published a global business risk and resilience study, this year in partnership with Economist Intelligence Unit on behalf of IBM.
The study was conducted in June of this year, and included responses from 391 senior executives…Thirty-five percent of the respondents were C-level executives…About 39% were from North America,38% from Western Europe, 20% from Asia Pacific, and 3% from Eastern Europe.
Companies with less than U.S. $500M in revenue comprised 39% of the responses, and 48% of the respondents hailed from companies with more than U.S. $1 billion in revenue…The survey also covered a gamut of industries, including financial services (16%), IT and technology (16%), professional services (13%), manufacturing (8%) and healthcare (7%).
Click on the image to enlarge. The IBM Global Risk & Resilience Study revealed that to date, companies around the world are focused heavily on building out their resilience and risk plans, as well as putting the supporting technologies and processes in place to get them into effect.
Before I dive into the results, here’s the setup: Global organizations are increasingly emphasizing business resilience; that is, the ability to rapidly adapt to a continuously changing business environment. Resilient corproations are able to maintain continuous operations and protect their market share in the face of natural or man-made disasters as well as radical changes in the financial or economic climate. They are also equipped to seize opportunities created by unexpected events.
So, the question is, are they?
It’s a mixed bag.
The research suggests that more and more businesses will adopt a more holistic approach to risk management in the next three years ass they deal with growing uncertainty and the increasing interconnectedness of the varied risks they face.
That’s the good news, aspirational though it may be.
But in terms of today’s reality, the study indicated that only a minority of companies (37%) has implemented an organization-wide business resilience strategy…with 42% saying they’ll do so in the next three years.
Almost two-thirds (64%) say they have a business continuity plan of some sort, and a robust 58% have dedicated contingency plans for dealing with a variety of risks.
That’s the topline…now on to the deeper dive:
- Larger organizations are more likely than smaller ones to have an integrated strategy. They, of course, typically have more to lose, and complexity increase’s an organization’s exposure to risk. Larger firms are more likely to have assigned overall responsibility for enterprise risk management to a single executive (which means, of course, direct accountability). Still, there is a contingent of small companies that have adopted integrated strategies. These companies also rank highly with regard to indicators of success such as revenue growth, profitability, and market share.
- Continuity, IT and compliance risks remain in the foyrefront, but companies are diversifying their strategies to build business resilience. Nearly 40% of respondents say their organization regards business continuity as primarily an IT issue. However, when they’re asked to name their “primary risk management concern,” some name more than one, including disaster recovery (47%), IT security (37%), and regulatory compliance (28%). Though most have started by addressing the largest threats first, they increasingly are expected to turn to such things as communications and training programs designged to build a more resilient culture overall.
- Business resilience planning increasingly involves specialists from across the organization, yet CIOs and IT pros remain the most prominent stakeholders. Hey, what happened to sharing the love…and the risk?? Because a culture that imbues responsibility for risk management at every level enables companies to respond to changes and unexpected events. A solid majority of respondents (60%) say that business resilience is considered a joint responsibility of all C-level execs. Yet as IT penetrates more deeply into every aspect of company operations, CIOs and IT pros remain key players in building more resilient organizations. Fifty-six percent of respondents say the CIO collaborates with top IT strategists much more frequently than three years ago.
Click on the image to enlarge. Silos, budget and predicting ROI were cited as the biggest barriers in the study to adopting an holistic approach to business resilience and risk.
How Can I Better Manage Risk Moving Forward?
In most organizations, improving business resilience requires a shift in corporate culture because that is what shapes values and behavior. If a company’s culture blends risk awareness with other corporate values, then people instinctively know the right thing to do when confronted with an unexpected situation, and that reduces risk.
Understanding these principles is a good first step, but in interviews, executives are clear that buy-in from the top is essential to foster broad organizational change. Promoting holistic risk management concepts to peers and employees is also critical.
Taking an incremental approach with broad participation in strategy development can help, because it is easier to promote change if a new initiative is not seen as being pushed by one particular faction.
Senior-level commitment and adequate resources are also needed to develop comprehensive communications and training programs to support integrated risk management. One of the distinguishing features of the most resilient companies is that they are much more likely than other firms to have developed a communications strategy to push the message of resilience out to every corner of the organization.
Companies that embrace these measures are more likely to create an effective business resilience plan. This will provide a robust foundation on which to build a long-lived competitive position supported by end-to-end risk management.
Go here to download the full report.
Don’t Let Your Business Become A Disaster
This year seems as though it’s been nothing but a series of disasters.
Literally.
The Japan earthquake and tsunami. An horrific season of tornadoes across the south and mid-west. Amazing drought throughout Texas, where agricultural losses are upwards of $3B. And our most recent friend, Hurricane Irene, which visited devastation up the mid-Atlantic and, incredibly, leaving Vermont and Connecticut more harmed than anyone would have estimated.
IBM recently announced six tips that individuals and businesses can use to help prepare their IT environments for natural disasters and a wide range of other threats.
It just goes to show, you can never be ready enough for acts of God.
That includes individuals and businesses which are dependent on their IT environments for conducting their business and ensuring continuity through one of these disasters.
In preparation for Irene, we saw many people in high risk areas rushing around to buy emergency supplies like flashlights, water, and wood to board up their houses. But how many considered the preparedness of businesses and government agencies?
Given these impending natural disaster and other top causes of disasters like power outages and network failure that disrupt the flow of information, businesses and individuals should also be assessing their business and disaster recovery plans in advance of disaster scenarios, when things are calmer and they can focus on sensible risk mitigation.
In today’s on demand environment, it’s critically important to rapidly adapt and respond to risks, as well as opportunities, to maintain continuous access to data for personal and business reasons.
IBM recently offered up a few tips on disaster preparedness:
- Validate your data backup plan – Verify that your data is out of harm’s way and/or is accessible to your recovery location. Consider using a cloud service to store key data and allow your organization more flexibility to respond to changing conditions with minimal interruption to the business.
- Consider employees and the personal impact of a disaster – A company’s most important asset are their people, but the most important asset for people are their families. Consider how you would move them and their families if required, think about providing financial support to your employees during a crisis event, and consider offering counseling to help them deal with the aftermath of the crisis.
- Develop various ways to communicate with employees, partners – After people, the next most important element is communication. Communications efforts must be timely, clear and honest, as miscommunication can make a disaster even worse. Consider how you would communicate with your employees, partners, clients, media, industry, and vice versa, what training you have provided, what tools are you using and — very important — test the communications plan.
- Think about the “domino effect” when considering business risk – Years of experience monitoring regional disasters has shown that these events often create other events. For example, a hurricane normally has high winds and heavy rains that can lead to flooding, structural damage, power outage, telecommunication and/or travel disruptions.
- Plan for catastrophic events that could last a while – For example, businesses must consider the impact if the duration of the disruption to the facility, network, technology, or people is longer than a period of three days, one week, etc. Over the past decade, we have seen more devastating disaster events with a longer term duration and financial impact. Companies need to consider their options if their primary environment or key people are not available for more than two weeks.
- Think broadly – Each company is part of a supply chain or network. While you may do everything right, if you have a critical partner, supplier, vendor or provider of service, your preparedness is only as good as those other businesses. As part of your disaster recovery plan, ensure everyone upstream and downstream from your business is also prepared.
With more than 40 years of experience keeping businesses up and running, IBM uses its software, hardware and services expertise to help clients and individuals across the globe to protect their data.
IBM helps them to manage risks, protect valuable business assets, comply with standards and regulations, and continue business operations.
“People and businesses are relying on technology now more than ever, which creates an urgent need to protect critical data and keep IT systems up and running when a natural disaster or other unexpected outage occurs,” said Rick Ruiz, general manager of IBM’s Business Continuity and Resiliency Services. “In these situations, it’s clear that those who have moved from the old model of ‘experience and react’ to a new one of ‘anticipate and adjust’ will fare much better.”
Visit this site to learn more about IBM’s Disaster Recovery Services.
turbotodd
Turbotodd 