Advertising: 01622 699116 Editorial: 01354 461430
SAFETY & SECURITY BSEE
CYBER‐ATTACKS AND OTHER THREATS Making staff safer and businesses more resilient
As recent events have demonstrated, even the biggest organisations’ systems can be vulnerable to attacks. What are the weak links? How should you prepare? Software provider, YUDU, discusses how software is helping to ensure business resilience and the safety of staff. By Richard Stephenson, YUDU CEO.
ne of the most revealing things about the devastating ransomware attack on the National Health Service and other major institutions, as well as the more recent but now apparently accidental IT disaster that befell British Airways, wasn’t merely the weaknesses inherent in the network security or network administration procedure within these institutions, but the vulnerabilities of even the best-laid business continuity strategies. Put more simply, the back-up plan either didn’t address the particular area of vulnerability that was exposed, or did so in a less than adequate way. Particular examples of such exposure included NHS and other staff being unable to access critical documentation, and in the case of communication channels, having to resort to consumer applications like WhatsApp. These sorts of weaknesses in the continuity chain of keeping standard working practice going in the event of major incidents are understandable – they often play second-fiddle to the more widely known security issues. In the case of the NHS, it is of particular note how this ransomware attack exploited vulnerabilities within a particular file-sharing protocol within Windows that governs the way shared access of everything from printers to documents within a closed network.
O
Major incidents and best practice: What you may not have in your plan
The question that naturally arises as a result of any such crisis is always “could we have been better prepared?” and ex post facto is there any sort of action plan or are there any clearly defined “rules of best practice” that companies and organisations can employ to make these attacks less debilitating to day to day working practice, should one occur? The simple truth is that there is no single panacea. When dealing with a wide variety of different incidents, from cyber-attacks to fires on premises to terror incidents, there is a hugely diverse range of concerns that incident managers need to bear in mind.
In recent years, business continuity plans have become increasingly sophisticated (and indeed effective) at addressing the diverse range of threats out there to a business and business continuity professionals certainly merit credit for the development of this discipline over the past decade or so. There are however some rules of best practice that we have identified, in our work as a software firm developing solutions for the crisis communication space that we find often don’t receive the attention they should.
Primary concerns
Here’s a practical example: Any engineering company of a sufficient size needs to have a communication channel and content repository that is both independent of traditional ones such as internal intranets and document management systems, in-house and third-party web services like dropbox, slack etc and highly secure. This aims to address at least two of the primary concerns that result from all of the critical incidents listed above. Firstly, guaranteeing the ability to communicate quickly and easily with staff, identifying their whereabouts and safety and responding appropriately and secondly, guaranteeing access to critical documentation (IT documentation is of particular important here to virtually all companies) that is accessible on a channel that can work even if all of the aforementioned standard channels of web-communication are down. These may seem like very basic requirements, but it is important to remember that even the most ostensibly robust systems of communication – such as those of the NHS – can lull managers into a false sense of security. Reports of both managers and nurses being unable to communicate with other departments as well as Trusts led to uncertainty on the floors of various wards. Moreover, the NHS also lost access to important document databases, with “dozens of Trusts” according to the Daily Telegraph, being forced to resort to pen and paper methods.
VISIT OUR WEBSITE:
www.bsee.co.uk Back‐up communication
Consequently, any back-up communication system needs to be able to function with multiple layers of redundancy behind it, including (but not necessarily limited to) SMS, e-mail, voice and in-app messaging. What these sorts of systems provide to an organisation or company is a dependable fall back in the event that phone lines or their wired internet connection dropping and internal file sharing networks being inaccessible. This is of particular importance to companies who maintain a large database of change documents, or extensive documentation of any other kind that is vital to work continuing during crisis situations.
As already mentioned, any system that promises to be a panacea for cyber attacks or any other type of incident that results in systems and telecoms disruption is most likely too good to be true. The simple truth is that not only is there no case of a back-up system offering complete resilience and seamless continuity, but that putting faith in the existence of such a system, even hypothetically, probably makes any technically-orientated company more vulnerable than it otherwise would be.
However, ensuring there is at least one system in place that guarantees access to an independent channel to access critical documentation and communicate with staff should be an elementary requirement for any engineering firm in this day and age and luckily, software is evolving all the time to address these requirements.
htttp://
sentinel.yudu.com
‘
When dealing with a wide variety of different incidents, from cyber attacks to fires on premises to terror incidents, there is a hugely diverse range of concerns that incident managers need to bear in mind.
’ BUILDING SERVICES & ENVIRONMENTAL ENGINEER JULY 2017 35
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72 |
Page 73 |
Page 74 |
Page 75 |
Page 76 |
Page 77 |
Page 78 |
Page 79 |
Page 80 |
Page 81 |
Page 82 |
Page 83 |
Page 84 |
Page 85 |
Page 86 |
Page 87 |
Page 88 |
Page 89 |
Page 90 |
Page 91 |
Page 92 |
Page 93 |
Page 94 |
Page 95 |
Page 96 |
Page 97 |
Page 98 |
Page 99 |
Page 100 |
Page 101 |
Page 102 |
Page 103 |
Page 104 |
Page 105 |
Page 106 |
Page 107 |
Page 108 |
Page 109 |
Page 110 |
Page 111 |
Page 112 |
Page 113 |
Page 114 |
Page 115 |
Page 116 |
Page 117 |
Page 118 |
Page 119 |
Page 120 |
Page 121 |
Page 122 |
Page 123 |
Page 124 |
Page 125 |
Page 126 |
Page 127 |
Page 128 |
Page 129 |
Page 130 |
Page 131 |
Page 132 |
Page 133 |
Page 134 |
Page 135 |
Page 136 |
Page 137 |
Page 138 |
Page 139 |
Page 140 |
Page 141 |
Page 142 |
Page 143 |
Page 144 |
Page 145 |
Page 146 |
Page 147 |
Page 148 |
Page 149 |
Page 150 |
Page 151 |
Page 152 |
Page 153 |
Page 154 |
Page 155 |
Page 156 |
Page 157 |
Page 158 |
Page 159 |
Page 160 |
Page 161 |
Page 162 |
Page 163 |
Page 164 |
Page 165 |
Page 166 |
Page 167 |
Page 168 |
Page 169 |
Page 170 |
Page 171 |
Page 172 |
Page 173 |
Page 174 |
Page 175 |
Page 176 |
Page 177 |
Page 178 |
Page 179 |
Page 180 |
Page 181 |
Page 182 |
Page 183 |
Page 184 |
Page 185 |
Page 186 |
Page 187 |
Page 188 |
Page 189 |
Page 190 |
Page 191 |
Page 192 |
Page 193 |
Page 194 |
Page 195 |
Page 196 |
Page 197 |
Page 198 |
Page 199 |
Page 200 |
Page 201 |
Page 202 |
Page 203 |
Page 204 |
Page 205 |
Page 206 |
Page 207 |
Page 208 |
Page 209 |
Page 210 |
Page 211 |
Page 212 |
Page 213 |
Page 214 |
Page 215 |
Page 216 |
Page 217 |
Page 218 |
Page 219 |
Page 220 |
Page 221 |
Page 222 |
Page 223 |
Page 224 |
Page 225 |
Page 226 |
Page 227 |
Page 228 |
Page 229 |
Page 230 |
Page 231 |
Page 232 |
Page 233 |
Page 234 |
Page 235 |
Page 236 |
Page 237 |
Page 238 |
Page 239 |
Page 240 |
Page 241 |
Page 242 |
Page 243 |
Page 244 |
Page 245 |
Page 246 |
Page 247 |
Page 248 |
Page 249 |
Page 250 |
Page 251 |
Page 252 |
Page 253 |
Page 254 |
Page 255 |
Page 256 |
Page 257 |
Page 258 |
Page 259 |
Page 260 |
Page 261 |
Page 262 |
Page 263 |
Page 264 |
Page 265 |
Page 266 |
Page 267 |
Page 268 |
Page 269 |
Page 270 |
Page 271 |
Page 272 |
Page 273 |
Page 274 |
Page 275 |
Page 276 |
Page 277 |
Page 278 |
Page 279 |
Page 280 |
Page 281 |
Page 282 |
Page 283 |
Page 284 |
Page 285 |
Page 286 |
Page 287 |
Page 288 |
Page 289 |
Page 290 |
Page 291 |
Page 292 |
Page 293 |
Page 294 |
Page 295 |
Page 296 |
Page 297 |
Page 298 |
Page 299 |
Page 300 |
Page 301 |
Page 302 |
Page 303 |
Page 304 |
Page 305 |
Page 306 |
Page 307 |
Page 308 |
Page 309 |
Page 310 |
Page 311 |
Page 312 |
Page 313 |
Page 314 |
Page 315 |
Page 316 |
Page 317 |
Page 318 |
Page 319 |
Page 320 |
Page 321 |
Page 322 |
Page 323 |
Page 324 |
Page 325 |
Page 326 |
Page 327 |
Page 328 |
Page 329 |
Page 330 |
Page 331 |
Page 332 |
Page 333 |
Page 334 |
Page 335 |
Page 336 |
Page 337 |
Page 338 |
Page 339 |
Page 340 |
Page 341 |
Page 342 |
Page 343 |
Page 344 |
Page 345 |
Page 346 |
Page 347 |
Page 348 |
Page 349 |
Page 350 |
Page 351 |
Page 352 |
Page 353 |
Page 354 |
Page 355 |
Page 356 |
Page 357 |
Page 358 |
Page 359 |
Page 360 |
Page 361 |
Page 362 |
Page 363 |
Page 364 |
Page 365 |
Page 366 |
Page 367 |
Page 368 |
Page 369 |
Page 370 |
Page 371 |
Page 372 |
Page 373 |
Page 374 |
Page 375 |
Page 376