Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
7th ME Business & IT Resilience Summit
March 11, 2018 at The Address Hotel, Dubai Mall, Dubai, UAE
Our Contact Details:
UAE: Continuity and Resilience
Website: www.coreconsulting.ae
Tel: +971 2 6594006
PO Box: 25722, Abu Dhabi, United Arab Emirates
Email: info@continuityandresilience.com
INDIA: Continuity and Resilience
Tel: +91 11 41055534 | Direct: +91 11 6467 9380
Email: info@continuityandresilience.com
Website: www.coreconsulting.ae
Level 15, Eros Corporate Towers, Nehru Place, New Delhi – 110019, India
Business Continuity Manager to face a Cyber attack
Roberto Perego – ORBIT Italy
Founder, Chief Sales and Marketing Officer
2017 ORBIT Italy s.r.l. – All rights reserved
The challenge
The failure to manage your digital risks is likely to sabotage your digital
business and expose your organization to potential impacts well
beyond a simple opportunity loss. The extent to which CIOs engage in
digital risk management can be a crucial factor in avoiding such
dangers.
Source (Gartner Group): Cybersecurity and Digital Risk Management: CIOs Must
Engage and Prepare Published: 17 January 2018 by Rob McMillan | Paul E. Proctor
Why Me:
• 14 years of experience in business continuity and risk management (after a long experience in many large organizations)
• I founded and still run a company that deals only with BC, risk management and now, privacy data treatment
• More than 20.000 users are using ORBIT4BC
• In 2017 my company invested 22% of the turnover in R&D
Today’s topic
Source: Cyber Resilience Report 2017 – BCI – www.thebci.org
… can’t be underestimated
Cyber Attack: not just data breaches
• Data loss and destruction (Ransomware). Source: Forbes.com
• Physical damage to critical infrastructures. Illustration: L-Dopa
• Stopping business operations for days, if not weeks. Fortune: http://fortune.com/sony-hack-part-1/
• Using computational resources: cryptojacking
Why it’s not only an IT issue?
What Cybersecurity Trends Tell You
• You can't possibly fix everything:
  • Don't hope, don't try, don't make yourself obligated to do so
  • Fix the most important things first
• You can't make your assets fully secure:
  • You can prioritize and provide the best security for high-value assets
• You can't know how secure they all are:
  • You can have enough visibility to high-value assets if you know where they are
• You certainly can't know how secure your digital partners are:
  • You can have better oversight of your supply chain security strategy (digital and physical)
Source: Gartner Essentials: Top Cybersecurity Trends for 2017 (Advanced) Peter Firstbrook, Gartner Summit - September 2017
Going back to our BC world
Gartner Report July 2017
Analyst(s): Roberta J. Witty, Mark Thomas Jaggers, John P Morency, Adam Schneeberger
Continuity of operations is vital for maintaining
organizational confidence, reputation and, in some cases,
survival. Security and risk management leaders
responsible for business continuity need to understand
the full scope of their BCM efforts, which should comprise
an enterprise-wide program
Five pillars to prove yourself against a crisis caused by a cyber attack
• Awareness: build culture on managing a crisis caused by cyber attack
• Incident: can an incident be a signal?
• Evolution from BCM to BCM2
• Managing a crisis caused by a cyber attack
• Communication during a cyber attack
Awareness
Build a culture of crisis management in case of cyber attack, in other words a 360° program on “security awareness”
• Education to help people understand their responsibility for data saving, and software to manage behavioural changes.
• Identify the biggest risk areas among the employees and build simulations to verify their readiness and skills to respond to a specific attack.
• Continuous communication to strengthen awareness, and awards to people who put in place correct behaviours on maintaining security at the top.
Source: Three Critical Factors in Building a Comprehensive Security Awareness Program – Sept. 2017 by Joanna G. Hiusman – Gartner G.
Go for a check
Timeline: t0, after a week, after 3 weeks
What do you usually do: Nothing; Nothing (start thinking what’s going on)
You have made a mental association among three non-critical events that occurred within a span of three weeks
Incident Management
A professional Incident management tool connected to a BCM tool must help BC Managers with the following:
• Capability to capture events that, taken at face value, do not tell a BC Manager that a cyber attack is underway
• Monitor and link events according to unusual rules, for instance tracking an increase of some events in a day, or increased traffic that can be seen as a performance downgrade
• Intelligent system that connects such events and makes “what if” analysis
Be ready to activate BCM2 even if the probability of being under a “cyber attack” is low
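The linking rules from the two Incident Management slides, as an added Python example (not part of the presentation and not ORBIT4BC code): it flags three distinct non-critical event categories inside a three-week window, and a one-day jump in a single category. The event categories, the sample log and the 3x spike threshold are assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta

WINDOW = timedelta(days=21)  # the slide's "three weeks"
MIN_LINKED = 3               # the slide's three non-critical events
SPIKE_FACTOR = 3             # assumption: spike = 3x the category's usual daily count

# Constructed sample log: (day, category, severity). Categories are hypothetical.
EVENTS = [
    (date(2018, 1, 8), "failed_vpn_login", "low"),       # t0
    (date(2018, 1, 15), "slow_file_server", "low"),      # after a week
    (date(2018, 1, 29), "unplanned_db_restart", "low"),  # after three weeks
    (date(2018, 6, 20), "failed_vpn_login", "low"),      # isolated, months later
]
EVENTS += [(date(2018, 4, d), "mail_bounce", "low") for d in (2, 3, 4, 5)]
EVENTS += [(date(2018, 4, 6), "mail_bounce", "low")] * 6  # one-day increase


def linked_windows(events):
    """Return (first_day, last_day, categories) wherever MIN_LINKED distinct
    non-critical categories fall inside one WINDOW."""
    low = sorted(e for e in events if e[2] == "low")
    hits = []
    for i, (start, _, _) in enumerate(low):
        in_window = [e for e in low[i:] if e[0] - start <= WINDOW]
        cats = sorted({c for _, c, _ in in_window})
        if len(cats) >= MIN_LINKED:
            hits.append((start, in_window[-1][0], cats))
    return hits


def daily_spikes(events):
    """Return (day, category, count) where a day's count is at least
    SPIKE_FACTOR times the mean of that category's earlier active days."""
    per_day = defaultdict(Counter)
    for day, cat, _ in events:
        per_day[cat][day] += 1
    spikes = []
    for cat, days in per_day.items():
        seen = []
        for day in sorted(days):
            if seen and days[day] >= SPIKE_FACTOR * sum(seen) / len(seen):
                spikes.append((day, cat, days[day]))
            seen.append(days[day])
    return spikes


def bcm2_standby(events):
    """True when either rule fires: the cue to get BCM2 ready."""
    return bool(linked_windows(events) or daily_spikes(events))
```

Days with no events of a category are left out of the baseline, so the spike rule compares against active days only.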
Evolution from BCM to BCM2: Before crisis
[Diagram: BCM Tool in the Client Data Center; BCM’s tool copy in the Outsourcer Data Center]
1. Make a copy of the BCM Software tool weekly or any time there are changes and adaptations
2. Make a daily copy of BCM data that will be encrypted in the outsourcer datacentre
Evolution from BCM to BCM2: During the crisis
[Diagram: BCM’s tool copy in the Outsourcer Data Center]
1. Delivery of the decryption key
2. Access through «https» to software for BC management
Evolution from BCM to BCM2: Return from crisis
[Diagram: BCM Tool in the Client Data Center; BCM’s tool copy in the Outsourcer Data Center]
1. Data encryption
2. DB transfer with BC data
Managing a crisis caused by a cyber-attack
[Diagram: PROCESS, App, SW and HW elements; CMDB Integration with BCMS]
Communication in case of cyber attack
[Diagram: HW elements]
Quick communication, many to many, can’t happen without an advanced notification system
Conclusion – the real life
BC Manager facing a cyber attack | ORBIT4BC fits
Awareness: build culture on managing a crisis caused by cyber attack | Educational program done in cooperation with international firms
Incident: can an incident be a signal? | ORBIT4BC Incident management module
Evolution from BCM to BCM2 | ORBIT4BC BCM square module in collaboration with local or international outsourcers
Managing a crisis caused by a cyber attack | ORBIT4BC Crisis management module and integration with CMDB module
Communication during a cyber attack | ORBIT4BC Integration with MIR3 and MIR3 (Onsolve)
Thanks for the attention
r.perego@orbititaly.com
Process Excellence and Resilience...
Creating Corporate Sustainability

Business Continuity Managers’ Action Plan to Face a Cyber Attack
