Monday 15th May marks the first day of Business Continuity Awareness Week 2023.
This year the theme is ‘Embracing the challenge of Resilience’, and each day this week we will be sharing thoughts from OASIS Group industry experts about different elements of resilience.
- 15th May: Cyber Resilience
- 16th May: Supply Chain Resilience
- 17th May: Operational Resilience
- 18th May: Personal Resilience
- 19th May: Organisational Resilience
Today, Iain Tuffill, OASIS Group’s IT Information Security Officer, provides an insight into what Cyber Resilience means to OASIS Group, and how we ensure all data and information is secured at all times:
Cyber Resilience refers to our ability to protect ourselves from the ever-growing number of digital threats that might impact us. This includes the ability to detect cyber-attacks, to respond to them, and if they do ever take place – to recover from them and improve for the future.
There are four key areas we can build on to introduce or increase Cyber Resilience within OASIS. These are Security, Detection, Response, and Recovery.
Within OASIS we take Cyber Resilience seriously, not only to protect our client-held data but also our own. As such, we are constantly looking at new ways to build on our existing security standards and improve on the current industry standard practices as well as our legal and regulatory requirements. This continued effort has enabled OASIS to maintain our ISO27001 certification, Cyber Essentials Plus, and our continued PCI-DSS compliance.
OASIS is constantly looking at new ways to monitor and detect new and evolving threats to our network and services. Systems and alerts are in place to notify team members about any recognised malicious traffic, and block it from entering the network and accessing our services. Notifying team members allows us to look into these events and build a picture of what is happening, to allow for early detection of potential cyber-attacks.
Using the systems and alerting in place, OASIS team members can respond by either permanently blocking the malicious IP addresses from accessing OASIS services, or look to apply updates to the alert systems.
However if an alert needs to be internally escalated, then the incident and all known information at that time is escalated to the OASIS ‘Crisis Management Team’. Here the incident and the known information is reviewed and the OASIS incident playbook is followed until the event is resolved.
After a cyber-attack has been resolved it is important to record any lessons learned and to ensure that these lessons are used to further develop the security in place, as well as contributing to our policies and training.
The OASIS incident playbook ensures the timely recovery of our internal systems and client-facing services. This playbook also requires that the lessons learned are reviewed and implemented as part of the recovery, to further develop our Cyber Resilience.Iain Tuffill, IT Information Security Officer – OASIS Group