Respond to a Wide Spread Ransomware Attack with Business Continuity Planning.

The timing of the Cyber Attack which affected many NHS trusts, doctors surgeries and other organisations across the globe does not appear to have been random.

Reports started to emerge in the U.K. after lunchtime on a Friday, a notoriously difficult time to deal with anything in the workplace!

Many organisations begin to close down for the weekend or at least reduce the services and coverage they offer. The health service is no different and although they operate 24/7, private organisations in the supply chain who support them may not.

Recovering from a Ransomware Attack

Ransomware is very difficult to deal with when a machine has been infected and most well prepared organisations rely on their information backup process to allow them to securely erase an infected machine and restore as much data as possible, to avoid paying the ransom.

The difference with this attack was the scale, which spanned across multiple organisations across the globe.

Here is where, even with an effective backup facility, the scale of the incident made service disruption unavoidable.

While many other organisations were affected, the biggest impact was probably felt by patients in the NHS, who reported delayed operations and appointments on Friday.

Business Continuity Management is Essential?

When an incident causes so much disruption that it has an impact on the organisation’s customers (patients) it’s time to invoke a Business Continuity Plan to minimise those effects.

That’s exactly how Saffron Cordery, director of policy and strategy at NHS Providers, was reassuring listeners on BBC Radio 4’s PM programme.

“Trusts will activate silver command” she said, while also telling listeners that trusts have Business Continuity Plans in place.

In recent years the concept of Business Continuity Management has become embedded in the consciousness of the public sector, and those in the supply chain.

It’s impossible to plan for every possible event, but implementing a Business Continuity Framework, such as ISO 22301, sets the groundwork for people at all levels of your organisation to manage a disruptive event.

Business Continuity at all Levels

The BCI’s Good Practice Guide (GPG) is widely recognised in Business Continuity Management and discusses three important aspects to planning.

Strategic

At Director or Board level, the strategic planning and BIA (Business Impact Assessment) focuses on the high level products or services that the organisation provides and sets the expectation for continuity, usually through Policy.

Tactical

At a tactical level the continuity and recovery effort can be coordinated and managed. Trained BC staff can evaluate what processes are needed to maintain continuity of the product and service process provision to the customer, as decided at the strategic level.

Operational

Actions and activities are undertaken to continue or recover those activities at an operational level. Here everyone plays their small part in the overall plan.

It is vital, therefore, that Business Continuity is embedded at every level of the organisation and is considered in every decision that is made, even during normal operating conditions.

But, also as important to the success of a Business Continuity plan such as the NHS, is including and aligning the supply chain, by ensuring the activities and roles they provide, to enable it to meet its strategic goals are included in the overall BCM framework.

A good Business Continuity Management Programme is comprehensive and ever-evolving.

Learning Business Continuity Lessons

Finally, after the pain of managing an incident and restoring services, there are always lessons that can be learnt including:

How to prevent that disruptive event occurring in the future.
Whether the business impact analysis was accurate.
How to improve the quality and access to information required to execute the recovery plan.
How to improve the awareness and education of those involved.
How effective the recovery plans were for this particular incident.

Our team at Assent Risk Management includes Business Continuity Professionals who have helped organisations conduct business impact analysis, establish recovery plans and implement a full framework to ISO 22301.

More reading

BBC News, NHS trusts will activate silver command:

http://www.bbc.co.uk/news/av/health-39903559/nhs-trusts-will-activate-silver-command

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
CONSENT	16 years 3 months 23 days 8 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.

Robert Clements