All businesses make use of computer services and other assets, and all have at least some susceptibility to losing those services and assets. Continuity Management looks at the risks and makes judgements about what is an acceptable risk.
Imagine there's a 1% chance of a specific disastrous event in the next twelve months: if you could prepare to protect your systems from that risk by spending £2 or €2 today, you would do it. If there were a one in a million chance of that event happening next year, would you spend that money?
Probably yes: the cost is about the same as a lottery ticket, and the odds of the event happening are shorter than the odds of winning the jackpot. If the protection had a one-off cost of £10,000 or €10,000, then you would not spend the money for the one in a million risk, but somebody would be thinking hard if it was the 1% chance, and it would probably be a "no-brainer" if the risk was assessed at 10%.
A regular Disaster Recovery - Business Continuity exercise has several benefits, including preparing staff for something you hope never happens. The trite adage "failure to plan is planning to fail" comes to mind. A well-crafted scenario can also shake individuals out of complacency. A longer article, "Continuity Management", is available on LinkedIn.
Example:
CitrixBleed (or Citrix Bleed, CVE-2023-4966) was known to be exploited in the summer of 2023. Details were published in October 2023, with a severity rating of critical. It later became apparent that several cybersecurity threat actors:
- probably monitored the publication of the vulnerability
- were able to reverse engineer the vulnerability
- used a directory of Citrix servers to hunt for targets
  - to assess whether the server was accessible
  - and whether the patch had not been applied
From there they could then infiltrate their victim's network, encrypt critical data and extort a ransom.
One simple low-cost option would have prevented infiltration, even if the patch had not been applied.
We will carry out a risk assessment and provide an analysis prioritising potential risks to the organization and its operations.