Continuity News Vol. 5

Continuity News

Gryphon Partners is pleased to present volume 5 of Continuity News, the newsletter that focuses on a wide spectrum of emerging threats and offering mitigation strategies. If you would like more information on how we can help your organization, please write us at info@kathryncostellophotography.com

Current Issues Affecting Continuity

Continuity programs allow for the vital business operations to continue uninterrupted in all circumstances, minimize damage and allow management to be in a good position to direct reconstruction of damaged infrastructure. Virtually every incident that affects business operations can be prevented or mitigated with a good continuity plan.

All industries

In recent editions, we discussed cyber-attacks against utilities. Earlier last week, both the United States Computer Emergency Readiness Team (CERT) and the United Kingdom’s Government Communications Headquarters (GCHQ), warned that state actors may have infiltrated Industrial Control Systems and recommended that utilities and other critical infrastructure take immediate steps to further secure their systems.

Not only are threats to companies increasing – and are getting more sophisticated – but cybercriminals are also specifically targeting senior executives while traveling.

We’ve known for years that public Wi-Fi can be a threat to privacy, but recently the DarkHotel hacking group has deployed a new variant of their malware named Inexsmar in hotels. The hackers, whose identities are largely unknown, research their victims extensively and craft an email that is directed specifically at that individual. The email contains a Word or PowerPoint document that doesn’t include links or malicious content but– while opening – is intended to mask the fact that malware is being downloaded via the compromised hotel internet. The contents of the Word or PowerPoint document is not suspicious and if often of interest to the target. Most recent versions we have seen discuss North Korea’s economy.

This is a very advanced attack and researchers are unsure of the ultimate purpose but they believe it is state sponsored. The targeting of senior employees and Government officials is a threat to continuity of organizations.

Let’s get back to traditional continuity 

While cyber is a non-traditional threat to continuity, there is a threat to continuity that is often overlooked.

Companies often go to great lengths to assure that they have a viable continuity program. They have evaluated their susceptibility to various risks and have taken steps to mitigate those risks. They have established alternate sites to conduct their most vital missions and have methodologies in place for assessing new threats. But do the subcontractors, companies and other organizations they rely on to provide their services have equally robust continuity plans?

In March of 2011, parts of Japan were hit by the now historic tsunami that caused catastrophic problems – but it was also a continuity event for many foreign companies that could have been easily avoided by vetting the continuity plans of their suppliers.

A fairly little-known example is that of the automotive industry. While we can understand the effects of the tsunami on the Japanese industry, the effects on the rest of the automotive industry was not so obvious.

The German chemical giant Merck owned a factory that made a paint pigment called Xirallic. This pigment gave certain paints additional sparkle and Merck was the sole supplier to BMW, Acura and many others. That factory was destroyed.

In this global economy, the automotive industry competes on “just-in-time” deliveries, keeping little stock on hand. If a delivery is late, then the factories stop. Here, the companies had to change paint formulations within days – Acura/Honda from White Diamond Pearl to Bellanova White Pearl & BMW from Carbon Black to Carbon Black II.

More importantly, while some companies like BMW weren’t relying on Asia for all their electronics, they found out that while their navigation systems were sourced elsewhere, there was only one company that supplied them with an integrated circuit that was required for the stand alone rear-view cameras on the BMW 5 series. That factory was destroyed as well and BMW had to give heavy discounts on the navigation system to customers who only wanted the backup camera – the delays to source a new supplier for the integrated circuit were significant and would have resulted in lost sales.

Merck learned a valuable, but expensive, lesson and is now no longer producing any items in just one factory. BMW and the rest of the automotive industry are now making sure that they either have multiple suppliers or that their suppliers have a viable continuity plan to guarantee that they can deliver.

Gryphon Partners will be happy to help you with your continuity, security or insider threat programs. Please reach out to us to discuss your needs.