(08 Sep 2022, 9:51 pm)Ambassador wrote So I work in a risk and controls heavy environment and as much as I don’t wish to criticise (wellll) the lack of back up or getting things back online is…poor.
Although I doubt the go ahead group or at least it’s regional subsidiaries pay/attract anything but lower market rate level employees in most roles, it’s concerning there is no back up in place to support Customers or indeed a confirmation that customer data definitively wasn’t involved in the attack.
Turn up and hope…..
It's never that easy, regardless of whether there's a robust business continuity and disaster recovery plan in place.
From business continuity, its largely been successful, as the customers haven't noticed anything different (other than the website not being updated). Buses still running, fares still being taken, mobile app and website both up.
Disaster recovery is another matter, and no company would ever share the progress of this. But it doesn't matter how many DR simulations you run, its different from the real thing. You don't have any clues in terms of entrypoint, what has been targeted and the extent of damage. Until that is worked out, its pointless starting wholesale service recovery. Even at that, you cannot predict how recovery operations are going to perform in the IT world. As much as everyone outside the IT dept think you can.
Sent from my SM-G965F using Tapatalk