Cyber Security Assignment: Business Continuity Plan for Toll Group
Question
Task: Draft a 2000-word equivalent report on cyber security assignment about the use of appropriate business continuity plan for Toll Group to ensure the continuity of critical business processes/operations during the time of emergency/disaster.
Answer
Introduction
Risks associated with digital technologies can impact an entire organisation and its business processes. Cyber-attacks have affected the operations of major business groups in the present decade. Cyber-attacks do not cause monetary losses only; they also cause a significant loss of brand value and reputation for the organisation concerned. Modern cyber-attacks are not organized by lone individuals. Some malicious organisations have chosen this trade as their way of extracting substantial resources from the corporate world (Alharthi and Khalifa, 2019). Various kinds of hacking attempts are made against company websites. This report discusses the recent cyber-attacks on the Australian logistics firm Toll Group and their impacts. The company has experienced two ransomware attacks within three months that stole 220 GB of its data. Along with that, a proper Business Continuity Plan and Disaster Management Framework are suggested for the organisation.
Organisation Overview: Toll Group
Toll Group is regarded as one of the oldest and most prestigious logistics handlers in Australia. However, things took a turn for the worse for the organisation when it experienced one of the most massive cyber-attacks in the entire history of the company. The Australian Cyber Security Centre (ACSC) is working with the company on the management of the issue. In the first attack launched against the company, a ransomware tool named Mailto was used. The second attack was then performed using another ransomware named Nephilim. The abilities of the ransomware and its decoding capacity astonished the security experts of Toll Group. It was clear that the attack was performed by a professional group of hackers (Asgary, 2016). The ransomware encrypted most of the essential data of the organisation, and the attackers demanded a hefty payment in bitcoin to release it. The attackers threatened to release all the data on the dark web if the claimed amount was not paid to them. As a result, the company was forced to shut its operations down for a brief period. It has also been observed that the rate and intensity of cyber-attacks have increased since the outbreak of the COVID-19 pandemic.
Risk Management for Toll Group
Identifying the assets of the company is the primary task in developing risk management strategies for Toll Group. As the company serves the logistics and transportation industry, its assets are quite diverse (Herbane, 2020). The critical assets of Toll Group are listed below.
- Stock/Inventory
- Intellectual Property (Logistics Strategies)
- Warehouses
- Fleet of Vehicles
The primary sources of income for the company are listed below.
- Delivery of Cargo for various organisations
- Being a part of industrial transportation services
Risk Management Framework
The risk management framework for Toll Group consists of the identified risks for the company, their impacts and the possible mitigation process.

| Description of Risk | Likelihood | Consequence | Mitigation |
| --- | --- | --- | --- |
| Network attacks like DDoS | Probable | Very High | Prevention of DDoS has been a significant need for all the businesses of the global market. Implementation of various anti-DDoS technologies is necessary for that purpose. |
| Ransomware Attack | Very Probable | Very High | It is necessary to inspect the case with the aid of the Australian security authorities. The identification of the organisation that is behind these attacks is necessary. |
| Malware Attack | Probable | Medium | The initiation of utilizing a secure framework for the computers and the addition of security experts to the team is necessary in this regard. |
Crisis Communication Plan (CCP)
The crisis communication plan is necessary for the proper handling of crisis situations. Such plans provide a predefined framework for unique situations.
- Spokesperson Response
When there is a mistake from the company's end, it is the best approach to admit it and apologize to the users (Järveläinen, 2020). If the company wants to take the other route, it can be incredibly harmful to the loyalty value of the customers.
- Protective Damage Control
The organisation should never let its guard down in threat situations. Any potential risk can materialise at any time in the business processes of the company (Herbert-Lowe, 2020). The employees should always be ready to face such an attack.
- Case Escalation
If any customer is not happy about any issue, the employees should escalate the case to the higher authorities. It can solve potential issues before they happen.
- Social Media Response
The value of social media is enormous when the company is going through a particular crisis. News, images and videos can spread like wildfire if they are not adequately regulated (Podaras, Antlová, and Motejlek, 2016). If any false news is being circulated about the company, it can be very harmful to the overall reputation of the company. Indeed, social media networks cannot be controlled entirely. But the company should try to regulate the news about it by utilizing legal help.
- Customer Feedback
Gathering customer feedback on a periodic basis is essential. In some situations, a crisis may be active within the organisation that has not yet been detected by the company. However, it may already be affecting the experience of the customers who use the company's service (RezaeiSoufi, Torabi, and Sahebjamnia, 2019). If the customer feedback system is active, the responses of the customers will reflect the situation to the management.
Business Impact Analysis (BIA) for Toll Group
Toll Group is going through a tough time in terms of the overall management of the business process. It is quite astonishing that the company has faced two major ransomware attacks in the present year. The sophistication of the attacks and the level of encryption have forced the executives to think that they were not organized by any individual hacker. The continuous cyber-attacks and malicious activities of the hackers have impacted the flow of operations. To design a proper strategy for mitigating cyber-attacks, the company needs to identify the critical information about the business modules that can be impacted by the attackers.
Key Stakeholders
The primary stakeholders associated with the company would be impacted as the operations of the company are affected. As with most logistics and transport companies, the stakeholders of Toll Group can be classified into four major groups (Setiawan, Wibowo, and Susilo, 2017). They are briefly described below.
- Cargo Owners
The cargo owners are the various organisations that send their cargo to Toll Group for delivery to their respective customers. The ecommerce industry of the country depends on the logistics firms for its massive delivery of products.
- Residents
The residents are also dependent on the logistics providers for getting their shipments. All the online shopping that takes place in the country is sent through the logistics partners (Thompson and Pendel, 2016). If cyber-attacks slow the activities of the logistics firms, then the residents will also suffer from that scenario.
- Employees
The employees are always a key stakeholder for every organisation. If the company loses its mobility and operational ability, the employees will suffer a lot.
- Regulators
The regulators and authorities that govern the relevant field of the industry are always eager to maintain the proper functionality of the operations. However, risks in the business can freeze this process, as the operations of the company can be halted as a result of cyber-attacks.
Essential Activities
The business activities that are mainly carried out in the Toll Group consist of the following modules.
- Order Processing
Order processing is the operation that is highly dependent on the performance of the IT services of the company. If the hackers take control of the IT department, then the processing of the orders will be hampered. As a result, none of the subsequent phases of work will be started.
- Cargo Handling
The cargo handling process is mainly a manual job. However, the listing of the products is stored on a centralized server of the company (Wallace and Webber, 2017). If this log cannot be accessed, then the location of the products will be almost impossible to find if the area of the warehouse is huge.
- Warehousing
Managing all the operations of the warehouse is an integral part of the logistics services. If the warehouse operations cannot be processed carefully, then the overall delivery will not be hassle-free.
- Inventory Control
Inventory control is a fully digital and server-based process. It is not possible to manage the inventory properly if the server and the network are compromised (Xing, Zeng, and Zio, 2019). The company must remove the possibility of cyber-attacks from the system to make this process work properly.
- Packaging
Packaging is essential for logistics operations. If the products that are being delivered are not adequately packaged, they can get damaged on the way.
- Transportation
Transportation is the final and most crucial phase of the logistics wing. It is necessary to deliver all the products in time as per the requirement of the client.
Probable Impact on the Operations
Various modules of the company's operations would be affected by cyber-attacks. The logistics operations are extensively managed by computers, and the storage of data and information is also entirely dependent on the databases and the servers (Xing, Zeng, and Zio, 2020). If the network and the devices of the company are compromised, then none of the company's operations can continue. The areas that will be affected the most are order processing and warehouse activities.
Business Continuity Strategies and Requirements
The recovery plan of the company is essential for bringing all the operations back to a normal state. However, it is not very easy, as the nature of the threat that the company is facing is not typical for the organisation and its executives. The practical recovery activities that the company must carry out are listed below.
- Hold accepting new orders until the issue is resolved
The company cannot accept new orders until the issue gets fixed. It will reduce the level of revenue but is also essential for the management of the operations.
- Create new rules for the delivery of the remaining cargo
The employees must work innovatively for the specific days when the company is trying to fix the issues related to the cyber-attack (Zeng and Zio, 2017). It is necessary for delivering the remaining goods properly to the owners.
- Implementation of a proper Disaster Recovery framework
It is necessary to implement a proper disaster recovery framework to manage any situations like this in the future.
- Testing the DRP to check its feasibility
Testing of the DRP is also necessary to check its usefulness against cyber-attacks.
- Identification of the Vulnerable aspects of the IT system
The identification of the vulnerable points of the IT system is necessary to fix them in the upcoming days.
- Assess the overall loss of the company after the crisis
The company must assess the overall loss that occurred as a result of the crisis. It can be part of the recovery process that is going to be designed in the upcoming period.
Elements of Cybersecurity Standards
The five elements of the cyber security framework of the NIST are listed in the following section.
1. Identify
Identification of the threat is the first step towards the prevention of the issues. It should be done as soon as possible.
2. Protect
The protection measures should be active in the system as per the security requirements of the situation.
3. Detect
The detection process is very critical for the amount of loss in the threat scenario. If the detection is late, the amount of loss will increase.
4. Respond
Response of the employees is very necessary as per the requirement of the situation. The higher authorities should be aware of the situation as soon as possible.
5. Recover
Recovery of the data ensures the proper handling of the situation. It should be done accordingly.
On the other hand, ISACA aims towards the maintenance of the IT audit program, which consists of three main phases.
1. Planning
The planning phase includes all the necessary arrangements and preparation of the strategies.
2. Fieldwork
The fieldwork phase implements all the actions that are required to maintain the audit of the system.
3. Reporting
The reporting phase is very similar to the framework of NIST. It recommends the proper communication between the employees of the particular organisation.
Recovery Time Objectives (RTO) and Recovery Point Objective (RPO)
The analysis of the RTO and the RPO of Toll Group is essential for the overall understanding of the continuity strategies of the company.

| Description of Section | Vulnerability | RTO | RPO (Hours) |
| --- | --- | --- | --- |
| Accounting Application | Medium | 1-3 Days | 0-8 |
| Public Facing Website | High | 0-2 Hours | 48 |
| Order Accepting Portal | Very High | 0-4 Hours | 0-4 |
| Reporting Application | Low | 5 Days | 96 Hours or More |
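
As an added example (not part of the original report), the Python sketch below takes the RTO/RPO targets from the table above and checks disaster-recovery drill results against them, which is one way to carry out the "Testing the DRP" step. The drill figures are constructed, and it is an assumption that the upper end of each range is the maximum tolerable value (96 hours for "96 Hours or More") and that a cell without a unit is in hours.

```python
import re
from dataclasses import dataclass

# RTO / RPO targets copied from the table in the report.
TARGETS = {
    "Accounting Application": ("1-3 Days", "0-8"),
    "Public Facing Website": ("0-2 Hours", "48"),
    "Order Accepting Portal": ("0-4 Hours", "0-4"),
    "Reporting Application": ("5 Days", "96 Hours or More"),
}
UNIT_HOURS = {"hour": 1, "day": 24}

def upper_bound_hours(text):
    """Largest figure in a cell such as '1-3 Days', converted to hours.

    Assumptions: the top of a range is the maximum tolerable value, and a
    cell without a unit is already in hours (the RPO column is in hours).
    """
    numbers = [float(n) for n in re.findall(r"\d+(?:\.\d+)?", text)]
    if not numbers:
        raise ValueError(f"no figure found in {text!r}")
    unit = re.search(r"(hour|day)s?", text, re.IGNORECASE)
    factor = UNIT_HOURS[unit.group(1).lower()] if unit else 1
    return max(numbers) * factor

@dataclass
class DrillResult:
    system: str
    restore_hours: float      # time the drill took to restore service
    backup_age_hours: float   # age of the newest usable backup at failure

def evaluate(drills):
    """Return {system: list of missed targets, or ['untested']}."""
    by_system = {d.system: d for d in drills}
    report = {}
    for system, (rto_text, rpo_text) in TARGETS.items():
        drill = by_system.get(system)
        if drill is None:
            report[system] = ["untested"]   # no evidence the target is reachable
            continue
        missed = []
        if drill.restore_hours > upper_bound_hours(rto_text):
            missed.append("RTO")
        if drill.backup_age_hours > upper_bound_hours(rpo_text):
            missed.append("RPO")
        report[system] = missed
    return report

# Constructed drill results, for illustration only.
SAMPLE_DRILLS = [
    DrillResult("Accounting Application", restore_hours=30, backup_age_hours=6),
    DrillResult("Public Facing Website", restore_hours=3.5, backup_age_hours=24),
    DrillResult("Order Accepting Portal", restore_hours=2, backup_age_hours=12),
]

if __name__ == "__main__":
    for system, missed in evaluate(SAMPLE_DRILLS).items():
        print(f"{system}: {', '.join(missed) or 'targets met'}")
```

With the constructed figures, the website misses its RTO, the order portal misses its RPO because its newest backup is older than four hours, and the reporting application is flagged as untested.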
Conclusion
It is essential to restore the operations of the company as soon as possible to maintain the reputation of the organisation among its customer base. Apart from that, maintaining the security of the company is also essential, as repeated incidents like this will decrease the trust of the stakeholders in the brand. If the global shareholders become afraid of these scenarios and do not invest in the company, the overall share price will experience a downward trend. Apart from that, the cargo suppliers can also sue the firm if delays happen in the delivery of the products as a result of cyber-attacks. The company needs to form a special IT security department, as hackers are targeting the servers of the company repeatedly. This investment is necessary for improving the overall security of the system. Apart from that, the help of independent security providers can also be taken.
Reference List
Alharthi, M.N.A.N. and Khalifa, G.S., (2019). Business continuity management and crisis leadership: an approach to re-engineer crisis performance within Abu Dhabi Governmental entities. International Journal on Emerging Technologies, 10, pp.32-40. https://www.researchgate.net/profile/Gamal_Khalifa/publication/334317034_Business_Continuity_Management_and_Crisis_Leadership_An_Approach_to_Re-_Engineer_Crisis_Performance_within_Abu_Dhabi_Governmental_Entities/links/5d240cf5458515c11c1f4795/Business-Continuity-Management-and-Crisis-Leadership-An-Approach-to-Re-Engineer-Crisis-Performance-within-Abu-Dhabi-Governmental-Entities.pdf
Asgary, A., (2016). Business continuity and disaster risk management in business education: Case of York University. AD-minister, (28), pp.49-72. http://www.scielo.org.co/scielo.php?pid=S1692-02792016000100005&script=sci_arttext&tlng=en
Herbane, B., (2020). Locational Contiguity and Business Continuity: Perceived Organizational Resilience of Small-and Medium-Sized Enterprises in UK Business Parks. SAGE Open, 10(2), p.2158244020927417. https://journals.sagepub.com/doi/pdf/10.1177/2158244020927417
Herbert-Lowe, S., (2020). Home truths for all after ransomware attack hits celebrity law firm. Australasian Law Management Journal, (May 2020), p.1. https://search.informit.com.au/documentSummary;dn=177833096314713;res=IELIAC
Järveläinen, J., (2020, January). Understanding the Stakeholder Roles in Business Continuity Management Practices – A Study in Public Sector. In Proceedings of the 53rd Hawaii International Conference on System Sciences. https://scholarspace.manoa.hawaii.edu/bitstream/10125/63980/0195.pdf
Podaras, A., Antlová, K. and Motejlek, J., (2016). Information management tools for implementing an effective enterprise business continuity strategy. https://otik.uk.zcu.cz/bitstream/11025/21488/1/Podaras.pdf
RezaeiSoufi, H., Torabi, S.A. and Sahebjamnia, N., (2019). Developing a novel quantitative framework for business continuity planning. International Journal of Production Research, 57(3), pp.779-800. https://www.researchgate.net/profile/H_Soufi/publication/326214499_Developing_a_novel_quantitative_framework_for_business_continuity_planning/links/5b4867b9a6fdccadaec483df/Developing-a-novel-quantitative-framework-for-business-continuity-planning.pdf
Setiawan, A., Wibowo, A. and Susilo, A.H., (2017, August). Risk analysis on the development of a business continuity plan. In 2017 4th International Conference on Computer Applications and Information Processing Technology (CAIPT) (pp. 1-4). IEEE. http://repository.petra.ac.id/17843/1/Publikasi1_04021_4036.pdf
Thompson, J.M. and Pendel, D.L., (2016). Proactive risk assessments to improve business continuity. Choices, 31(316-2016-7809). https://ageconsearch.umn.edu/record/235553/files/cmsarticle_506.pdf
Wallace, M. and Webber, L., (2017). The disaster recovery handbook: A step-by-step plan to ensure business continuity and protect vital operations, facilities, and assets. Amacom. https://pdfs.semanticscholar.org/53ab/411d01f3296c0737fe439558c98ea1d71b68.pdf
Xing, J., Zeng, Z. and Zio, E., (2019). Dynamic business continuity assessment using condition monitoring data. International Journal of Disaster Risk Reduction, 41, p.101334. https://hal.archives-ouvertes.fr/hal-02428516/file/IJDRR-Full%20Manuscript%20DBCA-HAL.pdf
Xing, J., Zeng, Z. and Zio, E., (2020). Joint optimization of safety barriers for enhancing business continuity of nuclear power plants against steam generator tube ruptures accidents. Reliability Engineering & System Safety, p.107067. https://www.researchgate.net/profile/Jinduo_Xing/publication/342069277_Joint_optimization_of_safety_barriers_for_enhancing_business_continuity_of_nuclear_power_plants_against_steam_generator_tube_ruptures_accidents/links/5ef2145fa6fdcc2404eaafbd/Joint-optimization-of-safety-barriers-for-enhancing-business-continuity-of-nuclear-power-plants-against-steam-generator-tube-ruptures-accidents.pdf
Zeng, Z. and Zio, E., (2017). An integrated modeling framework for quantitative business continuity assessment. Process Safety and Environmental Protection, 106, pp.76-88. https://hal.archives-ouvertes.fr/hal-01632276/document