Henri Haenni is an expert in business continuity, information security, and risk management. He consults for organizations on implementing standards like ISO 22301 and ISO 27001. In this presentation, he discusses how cybersecurity incidents impact business continuity planning. He notes that over 50% of organizations were affected by disruptions in 2017, with losses over 250,000 euros and recovery times over 4 hours in many cases. Successful continuity planning requires identifying critical functions, recovery objectives, risks, and staff backups. It also requires exercising plans regularly. Cyber attacks differ from other risks in that they are polymorphic, complicated, and evolving. Developing cyber resilience requires understanding the threat environment and having a framework like NIST's that covers identifying

1. Standards, Security, and Audit
Cyber security incidents implications
in business continuity planning

2. Henri Haenni
Founder & Managing Director of Abilene Advisors
Advisor for large government organizations and multinational companies for
business continuity, information security and risk management. Consults for
organizations for the implementation of ISO 22301 BCMS, for ISO 27001 ISMS in
Switzerland, Europe, Middle-East and South East Asia. Instructor for the CBCI in
French, English and Spanish.
PECB Trainer for ISO 22301, ISO 27001, Lead Auditor and Lead Implementer, ISO
27005 Risk Manager and CDPO workshops.
Lecturer at Sorbonne University of Paris (Governance and Business Continuity).
Contact Information
+41 79 337 50 63
Henri.haenni@abileneadvisors.ch
www.abileneadvisors.ch
linkedin.com/in/henrihaenni/
twitter.com/AbileneAdvisors
facebook.com/abileneadvisors/

3. 3
What are we going to talk about ?
Agenda
• Cybersecurity disruptive ‘incidentology’
• Cardinal points of business continuity preparedness
• Characteristics of successful business continuity planning
• Cyber security incidents and unverified assumptions
• Essentials of cyber resilience
• A cyber security framework

4. 4
Wannacry(pt) and now…
June 27th : Ransom note displayed on computers infected with the NotPetya
ransomware, demanding $300 in bitcoins (Symantec/Kaspersky Labs)

5. 5
Cyber disruptions
> 50 % of the organizations reportedly affected in 2017
Source : Business Continuity Institute Cyber Resilience Report 2017

6. 6
Cyber disruptions
In 2017, on a panel of 700+ organizations in 69 countries…
Lost at least
250’000 €
(cumulative) in
the last 12
months
Report top
executives
commitment to
cyber resilience
Have tested and
exercised
business
continuity plans
in relation to
cyber disruptions
Took ≥ 4 hours
to recover from a
cyber disruption
after its
discovery
Source : Business Continuity Institute Cyber Resilience Report 2017

7. 7
Cyber disruptions
… which represents…
Source : Business Continuity Institute Cyber Resilience Report 2017

8. 8
Cyber disruptions
… and…
Source : Business Continuity Institute Cyber Resilience Report 2017

9. 9
Business continuity preparedness
Strategic
Decision level
Tactical
Planning level
Operational
Implementation level
Emergency
activities
Recovery activities Restoration activities
After back
to normal
Time after
the disaster
IT Disaster Recovery
Providing « plan B » technological solutions
Business Continuity
Protecting business and financial interestsEmergency
response
Protecting
life, health
and safety
Crisis Management
Protecting reputation and managing long term effects

10. 10
Resilience
In business continuity…
PreparednessUn-preparedness
But also
Good (or bad) luck, staff commitment & loyalty,
good (or bad timing), chaining of events, and
many others…

11. 11
Resilience
What business continuity is all about…

12. 12
Resilience
Characteristics of successful continuity planning
Identify critical
business functions
Identify realistic Recovery
Time Objectives
Identify usable Recovery
Point Objectives
Run periodical risks
assessment
Assign key staff
backups
Prepare technology
workaround strategies
Involve all the staff
(reactive to proactive)
Create a culture of
the resilience
EXERCISE, EXERCISE,
EXERCISE

13. 13
Resilience
Preparedness advantage
Tn+1T0
Negative impact with
preparedness
Negative impact
without preparedness
Business
advantage of
preparedness
Tn

14. 14
Resilience
Cyber attacks - unverified assumptions !!!
Identify critical
business functions
Identify realistc Recovery
Time Objectives
Identify usable Recovery
Point Objectives
Run periodical risks
assessment
Assign key staff
backups
Prepare technology
workaround strategies
Involve all the staff
(reactive to proactive)
Create a culture of
the resilience
EXERCISE, EXERCISE,
EXERCISE

15. 15
Resilience
Is based on trust… Authorities
Customers Employees
Suppliers
Management

16. 16
Cyber attacks
Among the top 10
Extreme weather
events
Large-scale involuntary
migration flows
Natural disasters
Terrorist attacks Data fraud & theft Cyber attacks
Illicit trade
Man-made
environmental
disasters
Interstate conflicts
Failure of national
governance
Source : World Economic Forum Global Risks Report 2017

17. 17
Cyber security incidents
Why are they special ?
Sources of threats Company assets Attack vectors

18. 18
Cyber security incidents
Why are they special ?
Polymorphic
Complicated
Fast-pacing
Complex
Misunderstood
Scary
Untested
Unexercised
Unimagined
Unidentifed
Evolving

19. 19
Cyber resilience
Essentials – Know your environment
In which threat
region am I ?
In what sector
am I ?
What are the
attackers likely
to be ?
What would be
their
motivations ?
How would the
attackers
proceed ?
Which assets
would they
attack ?
What would be
the
consequences ?
What could be
my responses ?
What shall I
communicate ?
Middle East Utility
Cyber
terrorists
Ideology Trojan
Physical
Infrastructure
Physical
destruction
Customer
notification
Duration of
failure /
workarounds

20. 20
Cyber resilience
Essentials – Know your environment
In which threat
region am I ?
In what sector
am I ?
What are the
attackers likely
to be ?
What would be
their
motivations ?
How would the
attackers
proceed ?
Which assets
would they
attack ?
What would be
the
consequences ?
What could be
my responses ?
What shall I
communicate ?
Eastern
Europe
Banking
Criminal
organization
Money
Unpatched
software
Credit card
data
Reputational
damage
Crisis
management /
forensics
How to get
reparations

21. 21
Cyber resilience
The Executive PoV
Owning and managing
cyber risk
Cyber risk management
framework under control
Cyber risk management
shared between IT and
business
Cyber threats intelligence
Dynamic and real time
cyber defense posture
Source : PwC Digital Services

22. 22
Identify
Protect
DetectRespond
Recover
Cyber resilience
Cyber resilience = cyber security + business resilience
NIST Cyber security Framework

23. 23
Cyber security framework
Identify
Identify
Asset
management
Business
environment
Governance
structure
Risk
management

24. 24
Cyber security framework
Protect
Access control Awareness & training Data security

25. 25
Cyber security framework
Protect
InfoSec procedures Maintenance & repair Protective technology

26. 26
Cyber security framework
Detect
Events & anomalies Continuous monitoring Detection processes

27. 27
Cyber security framework
Respond
Response planning Communications Analysis

28. 28
Cyber security framework
Respond
Mitigation Improvements

29. 29
Cyber security framework
Recover
Recovery planning Communications Improvements

30. THANK YOU
?
+41 79 337 50 63
Henri.haenni@abileneadvisors.ch
www.abileneadvisors.ch
linkedin.com/in/henrihaenni/
twitter.com/AbileneAdvisors
facebook.com/abileneadvisors/