Continuity Management

All businesses make use of computer services and other assets. They have at least some susceptibility to loosing those services and assets. Continuity Management looks at the risks and makes judgements about what is an acceptable risk.

Imagine there's a 1% chance of a specific disastrous eventOpens a new window in the next twelve months: if you can prepare to protect your systems from that risk by spending £2 or €2 today, you would take it. If there was a one in a million chance of that event happening next year, would you spend that money?

Probably yes: the cost is about the same as a lottery ticket and the risk of the event happening are shorter odds than winning the jackpot. If the protection had a one-off cost of £10,000 or €10,000, then you would not spend the money for the one in a million risk, but somebody would be thinking hard if it was the 1% chance, and probably a "no-brainer" if the risk was assessed at 10%.

A regular Disaster Recovery - Business Continuity exercise has several benefits, including preparing staff for something you hope never happens. The trite adage "failure to plan is planning to fail" comes to mind. A well-crafted scenario can also shake individuals out of complacency. A longer article "Continuity ManagementOpens a new window" is available on Linkedin.

Example:
CitrixBleed (or Citrix Bleed, CVE-2023-4966) was known to be exploited in the summer of 2023. Details were published in October 2023, with a severity rating of critical. It later became apparent that several cybersecurity threat actors

probably monitored the publication of the vulnerability
were able to reverse engineer the vulnerability
used a directory of Citrix Servers to hunt for targets
to assess if the server was accessible
plus if the patch had not been applied

From there they could then infiltrate their victim's network, encrypt critical data and extort a ransom.
One simple low-cost option would have prevented infiltration, even if the patch had not been applied.

We will carry out risk assessment and provide an analysis prioritising potential risks to the organization and it's operations.

Business Impact Analysis: We conduct a business impact analysis to understand the potential consequences of disruptions to the organization and its operations
Planning and Strategy Development: We develop, and can help implement, continuity plans and strategies to mitigate the impact of disruptions
Incident Response and Recovery: We can help respond to and recover from disruptions, including how to activate continuity plans and procedures
Crisis Communication: We help with planning how to effectively communicate with stakeholders during disruptions, including how to provide accurate and timely information
Training and Exercising: We implement training and testing of the organization's continuity plans and procedures to ensure they are effective and efficient
Continual Improvement: We will monitor, evaluate and improve the continuity management program of the organization

Please contact robert@esm.solutions for additional information on how we can assist you with enhancing continuity protocols and managing service restoration.