How do crisis management and business continuity relate to cybersecurity? Iowa Carels answered this question in her interactive lecture where our students got to create their own crisis management exercises.
Business continuity focuses on preparatory planning with the aim of ensuring that the most important aspects of their business will continue to function in spite of a calamity. It also focuses on the recovery of a business, including its less important aspects, if a crisis were to occur.
Business crisis management encapsulates business continuity within it, but is much broader. Business crisis management starts before the process of business continuity and continues long after. It involves actions such as identifying risks and addressing them before they have the ability to turn into a crisis.
As cyber attacks on companies (such as DDoS attacks) are becoming increasingly common, all businesses must now be prepared to face a cybersecurity crisis if or, maybe better said, when it happens.
In the afternoon, Ilya Tillekens from Hudson Cybertec gave another lecture on OT Security, presenting very interesting real-life examples.
OT stands for “Operational Technology”, and is distinct from IT, or “Informational Technology”. OT monitors and controls the functioning of real-world, physical devices. OT is often used to regulate industrial systems. Traditionally, OT systems are not connected to internet networks, which is predominately what makes them distinct from IT systems. Now, however, with an increasing number of devices becoming “smart”, a convergence between IT/OT devices is rapidly occurring. For instance, coffee-makers use to consist strictly OT technology, but now that they are being connected to the internet so they can be operated from a remote distance via someone’s cellphone, this represents OT/IT convergence.
OT security systems play a role in ensuring that critical infrastructure such as power stations, dams, and public transport function. Thus, making sure they are safe from tampering is essential.