Below are our top 10 bulletins from this year! We hope you have all enjoyed reading the bulletins each week!
At number 10, we have Charlie’s bulletin where he discusses what questions organisations should be considering in their incident response plans.
“Cyber-attacks are not always what they seem. The attacker who did it and their motives may seem obvious, but there are many cases of organisations trying to look like one type of attack or a particular threat actor, and using this as a smokescreen for achieving something else.”
Charlie discussed the ‘Grey Rhino’ – a high-probability, high-impact risk which we see coming but do nothing about until the risk (the Rhino) is upon us – and looked at how organisations are able to deal with these.
“Often, we see the danger of the charging rhino but we find excuses or reasons why we don’t do anything about them. They often go on the ‘too difficult’ pile, or there is no easy solution, so we do nothing.
Like all risks, the longer we take to deal with them and the closer they get to maturing, then the bigger the impact and the more costly it is to come up with a solution. The earlier we mitigate the effects of the Grey Rhino, the less impact they will have.”
Earlier this year, the Scottish Government opened an inquiry into the handling of the COVID-19 pandemic. Charlie discussed his thoughts and talked about how the inquiry compares to other controversies in the UK.
“It’s a positive that we are holding an inquiry, as it gives people the opportunity to learn from the events, and I suspect, for some, it will provide closure or at least a chance to express their feelings if they have lost loved ones to Covid. Additionally, I think it’s beneficial that this inquiry is being conducted soon after the event has ended. Other inquiries, due to legal processes, are often conducted years after the event, when memories have faded, and we have moved on.
I am hoping that there may be a further push from the government on the importance of planning for future disasters.”
In September, we decided to see if Google Bard could write us a bulletin on the MGM Grand Cyber Attack. We thought Google Bard did a very good job!
“The lesson for businesses from the MGM Grand cyber attack is that no company is immune to a cyber attack. Even large, well-resourced companies like MGM can be targeted. Businesses need to have strong cyber security measures in place to protect themselves from attack.”
Charlie shares common misconceptions about first responders of a disaster and discusses the Turkey-Syria earthquake that happened earlier this year.
“The first point made is that during disasters, people generally do not revert to the savage idea that it is down to survival of the fittest, and only the strongest will survive. The panic you see in films, where there is a mass scrum and people trample others to death to get out of the burning building, is a popular myth which should remain in films. We know from Hillsborough and in Mecca on pilgrimage, that people do get killed in crushes, but this is usually down to poor crowd management, rather than trying to escape another disaster.”
Charlie discusses his research into how female journalists are treated online, and shares advice on how to deal with trolling.
“If you look through the news, you can see examples of these acts happening to high-profile and ‘ordinary’ women every day. The ones we see in the news are the ones that have a big enough impact to be newsworthy; we don’t hear about the huge amount of abuse which is relentless and goes on all the time.”
As one of the largest ransomware attacks of the year, the Royal Mail cyber incident dominated the news headlines. Charlie provided his thoughts on the situation.
“My own opinion is that if you are a B2C organisation and hold lots of external personal data, you have to declare it so those whose data you hold are aware of it. I also think if you are a public body providing a service to the public, like the Royal Mail, you need to admit to the attack because you are not providing normal service.”
One of the most exciting events of the year was the coronation of King Charles III. Charlie talked about what the coronation can teach us about business continuity and what we can take away.
“Practice makes perfect. If you want an event to go off without a hitch, you need to put in the time to practise. All those who took part had been practising for weeks, including the King.”
The 2nd place spot goes to the bulletin where Charlie discussed the use of AI (Artificial Intelligence) within organisations and whether it is something that should be implemented or not.
“If there are lots of predictions about what AI might be able to do for us and how it might change our industry, it is not having a large effect at the moment. What I do think is coming, is a ‘tsunami of change’, which is going to change our industry, whether you are a practitioner or a consultant. Don’t tell anyone – but as most of us know – business continuity conceptually is not that difficult, and the basics are pretty simple. What AI is going to do is make business continuity more accessible and easier to implement.”
And our favourite bulletin of the year goes to…
Charlie met with the Scottish charity ‘Pickups for Peace’ where they delivered trucks to the Ukrainian military.
“Sometimes when you believe in a cause, or you know what the right thing to do is, you have to put your head above the parapet and do what you believe in. There will be risk, but the rewards for both you and the cause should be worth it.”