SECURITY WATCH
Safeguarding Corporate Integrity: 
A Strategic Blueprint for Cybersecurity Resilience


By Stephen Juteram  

LINKAGE Q1 (2024) - TRENDS

Envision this scenario: it's the early morning of the first day of Carnival. An on-call analyst wakes up, opens her laptop, and encounters a chilling predicament: unable to access any files, with everything locked. A menacing message on the screen declares, "Everything is locked, and now you must pay."

- What should the analyst do in this critical moment?
- How would you respond if you received such a call amid a celebration?
- Who would be your immediate point of contact? 

As panic ensues among employees, customer calls are pouring in. Despite management's efforts to formulate a plan, files begin to leak, and chaos prevails. The CEO and Board of Directors are left questioning how the organisation arrived at this perilous juncture. Let's examine alternative strategies that could have averted this crisis.

Ransomware and cyberattacks, once sporadic, have become an inherent part of the business landscape. Daily, at least one company succumbs to public compromise by ransomware or online criminal groups. Small to medium-sized organisations, once immune, now face threats through partners, third-party suppliers, or the indiscriminate pursuit of financial gain by threat actors. 

During a cyberattack, managing technical recovery alongside uninterrupted business operations emerges as a critical challenge. Yet, these two facets often present conflicting interests. On one hand, revenue generation is paramount to fund recovery efforts, necessitating a swift return to business as usual. On the other hand, hasty rebuilding can expose the organisation to immediate reattacks. To address this delicate balance, organisations must prepare for potential attacks through robust Business Continuity Plans (BCPs) and Disaster Recovery Plans.

Securing Operational Continuity
A Business Continuity Plan (BCP) is "a detailed strategy and set of systems for ensuring an organisation’s ability to prevent or rapidly recover from a significant disruption to its operations" (VMware, 2024). Today, BCPs that incorporate cyber recovery are indispensable. Disruptions, whether natural or cyber-related, necessitate activating a BCP. While natural disasters like earthquakes or storms are acknowledged, cyber incidents, including attacks, are more prevalent. A comprehensive BCP should outline strategies for business continuity even if major systems are compromised.

- Can clients pay invoices through alternative means if payment systems are down?
- How long can payment deferrals occur without penalties? 
- Who communicates information to the board and employees? 
- What is the public communication strategy in the absence of usual forums? 

These considerations must be part of a robust BCP.

Rebuilding System Resilience
A Disaster Recovery Plan addresses the rebuilding and recovery of systems. Critical questions arise: 
- What is affordable to rebuild, and what isn't? 
- Which systems take precedence? 
- Is there an inventory of all elements connected to the systems? 
- Could there be lingering access points for attackers within the infrastructure? 
- Who is capable of responding to a disaster? 
- What risks may surface during the rebuilding process? 
- Which systems are indispensable for business continuity? 

Balancing the imperative for rapid recovery with a meticulous investigation is pivotal. Full forensic investigation demands time, money and other resources, while quick rebuilding, though restoring operations swiftly, might lead to overlooking crucial aspects of the attack. Prioritising resources and determining acceptable risk levels guide effective recovery planning.

The worst time to strategise disaster recovery is during a disaster. Establishing responses and allocating resources in advance is essential for mitigating the impact of a major event on the organisation. Both plans need regular rehearsal, akin to a well-executed playbook. Without practice, identifying weaknesses becomes challenging. Regular reviews, especially after personnel changes, are imperative. Quarterly reviews and post-incident assessments further enhance plan efficacy.

Tabletop exercises serve as valuable tools for running BCPs or disaster recovery plans in simulated events. Participants rehearse their roles in a controlled environment, customising scenarios to the organisation's risk profile and potential threats. Preparing for threats specific to the organisation enhances team preparedness.

In a world where cyberattacks are inevitable, being prepared is not a choice but a necessity. Business continuity plans and disaster recovery plans are essential to limit the impact of an attack on the organisation. However, before implementation and rehearsal, organisations must understand their infrastructure, critical systems and data locations. Predicting the unpredictable may be impossible, but anticipation, planning and proactive defence against threats are within our control.


ABOUT THE AUTHOR


Stephen Juteram is the Vice President - Caribbean Region at Hitachi Systems Security Inc.