Managing Variable Cyber Environments with Organizational Foresight and Resilience Thinking Eveliina Hytönen, Jyri Rajamäki and Harri Ruoslahti Laurea University of Applied Sciences, Espoo, Finland eveliina.hytonen@laurea.fi jyri.rajamaki@laurea.fi harri.ruoslahti@laurea.fi Abstract: Combining business continuity management (BCM) and systematic cyber threat intelligence (CTI) can improve cyber situational awareness to support decision-making through the phases of the resilience cycle (plan, absorb, recover, adapt) to ensure the continuity of organizational operations when encountered by cyber disruptions. End-user needs, human factors, high ethical standards, and social impacts can best be adapted when professionals from different fields work together with end-users to refine and co-develop selected tools into a platform. A resilience assessment that combines BCM and CTI enables 1) quick or detailed assessment of the investigated industry and its critical processes, 2) measurement of performance goals based on information received from end users, where artificial intelligence-based self-learning approaches can be used for functional descriptions, 3) information on the sensitivity of the investigated industry and vulnerability and 4) resilience and BCM throughout the entire resilience cycle. A new Horizon Europe project DYNAMO (Dynamic Resilience Assessment Method including a combined Business Continuity Management and Cyber Threat Intelligence solution for Critical Sectors) works towards combining BCM and CTI to generate a situational picture for decision support. Having this in mind, certain cybersecurity and BCM tools will be developed, refined, and integrated into the DYNAMO platform to provide decision support and awareness to chief information security officers, cybersecurity practitioners, and other stakeholders. This paper reports a case study that explores how combining CTI and BCM can help in the case of a cyber-attack. The research material consists of the news articles by the largest newspaper in Finland, Helsingin Sanomat (HS) of how the cyber attack against the therapy center Vastaamo progressed during the first week after the attack. The results show that cyber threat intelligence when flexibly integrated into the BCM approach could create better conditions for improved organizational foresight to react to unpredictable cyber threats to ensure business continuity. Keywords: Cyber Threat Intelligence, Business Continuity Management, Resilience, Situational Awareness 1. Introduction Business continuity management (BCM), crisis management (CM), disaster recovery (DR), and resilience are related concepts, the purpose of which is to secure the critical functionality of the system in all situations. Risks and crises are often a derivative of external stressors, while the organization's resilience is more intrinsic, and in this sense, the priority of preventive behaviour at the organizational level is the preparation of various procedures to respond to crises or critical events (Linkov et al., 2014). Traditionally, BCM combines risk management and quality management. DR involves the re-establishment of systems and functions to recover from a disaster. The BC Plan lists the steps to be taken to ensure the continuity of critical business operations. (Sawalha, 2021.) Figure 1 presents the management cycles of BCM and resilience management. The holistic BCM process identifies potential threatening impacts on the organization and provides a framework for developing resilience and the ability to respond effectively to protect the system and the interests of the key actors. The goal of resilience engineering is to improve resilience by reducing the drop in capability and speeding up recovery. The goal of resilience management is to learn from unwanted events and thus improve the system's capability. 162 Proceedings of the 18th International Conference on Cyber Warfare and Security, 2023