Daisy’s business continuity management (BCM) consultants share their thoughts and predictions for 2019.
2018 brought us some staggering data breaches – and Facebook wasn’t necessarily the biggest. So what can we learn from them and what might be expect in terms of business continuity and disaster recovery in 2019?
Disaster strikes when you least expect it and a data breach, ransomware attack or even a phishing scam all have the potential to completely derail your business. Here, seven business continuity experts share their thoughts and predictions for the year ahead.
David Davies MBCI, BCM/ITSC Consultant, Daisy
13 January 2018 saw state emergency alert systems in Hawaii use television, radio and mobile phones to broadcast the message: “Ballistic missile threat inbound to Hawaii. Seek immediate shelter. This is not a drill.”
Understandably, this terrifying message cause state-wide panic… And it was sent by mistake by a government official. What’s more, it took a staggering 37 minutes for a second message to be sent stating that the first message was in fact a false alarm.
Whilst this particular incident was caused by human error, imagine what would happen if a similar false alarm was triggered as part of a premeditated cyberattack, whilst perhaps altering news websites to deliver “fake news” at the same time and this causing a civil emergency?
My concern for 2019 is that whilst we rightly focus on both the private and public sector data breach aspects of cyberattacks, there is potential for more sinister attacks to be used as cyber-warfare. What if a combined false alarm/fake news scenario was delivered as a state-sponsored attack, as a show of capability, or even as a ruse to distract the attacked nation from a military assault?
Eugina Pierre MBCI, ITIL, Business Continuity Consultant, Daisy
With the intensifying demand for cloud storage, and its growing flexibility at an affordable rate, it’s no shock that all types of organisations are following suit. However, the question can be asked whether the IT Managers and CEOs of some of these companies are disregarding the inherent security risks linked with cloud storage?
Through conducting Business Impact Analysis and discussing manual workarounds for critical IT systems etc., there seems to be a common assumption that an IT system which is accessed or backed up via the cloud will have practically 100% uptime with little risk of data leakage.
This poses the question on whether some companies feel because they are transferring security risks to a larger organisation, that full protection of their data is guaranteed. It should be taken into account that an adversity at a cloud provider can affect each and every one of its customers.
Therefore, for 2019, CEOs and IT managers would be prudent to have a more balanced view of physical and virtual IT risk and take a proactive approach to ensuring cloud risks are being continually mitigated by their cloud providers throughout the relationship of the service.
Petra Morrison MBCI, BCM Consultant, Daisy
Petra predicts an uptake in software to release crucial time and resources for Business Continuity managers…
To reduce the risk of spiralling BCM programme costs and to get to value more quickly, I think 2019 will see slow but continued take-up of BCM software as organisations look to reduce BCM programme costs and create sustainable BCM cultures. This is the data age, and as proven in many other disciplines, the use of software can release time and resources. In the case of BCM software, workforces can continue with their day jobs or focus in more depth on those risks and issues of most concern. I also predict that those who choose to leverage BCM software in 2019 and beyond will see faster development in both quantity and quality of BCM competence and capabilities within their organisation.
Craig Hilton, Business Continuity Consultant, Daisy
Craig warns of the dangers of complacency for SMEs…
“2019 – The year of complacency on climate change. Although the world is waking up to the effects of climate change and larger organisations are implementing business continuity plans to protect against these extreme weather events. Small and Medium-sized Enterprises (SMEs) are still largely ignoring the threats and the disruption these events will cause.
Year on year we see more extreme weather patterns, for example, 2018 was one of hottest years on record. Prior to that the winter of 2013/14 was confirmed by the Met Office to be the wettest winter since records began. Warmer winters, extreme rainfall and severe flooding are becoming more common place. As a result of the high rainfall in 2013/14, three thousand of the nation’s businesses were impacted by flooding.
SMEs should start thinking about the likelihood and impact of extreme weather on their business and act up upon it. SME business owners should therefore consider implementing an effective Business Continuity Management (BCM) program and supporting strategies to protect their livelihood. The cost of implementing BCM could be somewhat offset against reduced insurance premiums.”
Russell Williams, Principal Consultant, Daisy
Russell warns against ‘switching off’ from the dangers of cyber threats…
“2019 – The year of complacency and overreaction! I think there is a danger of the industry and consumers becoming desensitised to data breaches as a result of over exposure. They seem to be happening so regularly now that people are going to shrug their shoulders – unless of course they are impacted personally. On the other side of the same coin, I think 2019 might see the first CEO or CIO lose their job through mishandling a breach or incident, and potentially go to jail in order for the regulator of Government to prove a point.”
Matthew Gilbert, Managing Consultant, Daisy
Matthew asks some key questions around agile working…
“2019 – Is the increase in agile working practices leading organisations into a false sense of resilience? Are companies paying closer attention to their SaaS and network providers as a result of agile working? Have the long term implications of home / agile working been thought through when used as a recovery strategy? How are organisations managing communication in this diverse environment to effectively manage incidents? Does any of this matter, or is it just more of the same, with a different flavour…. “
Colin Jeffs, Head of BCM Consultancy, Daisy
Colin points CIOs and CISOs in the right direction…
“2019 – Security breaches and data loss are the new focal points for organisations. This is absolutely the right place to focus efforts at this time, but without the input and support of BCM teams, are organisations focussing such efforts in the right areas? BCM teams hold more information about an organisation and its critical data than virtually any other department and understand the impacts of losing or breaching such data. CIOs and CISOs would be well advised to tap into such a wealth of knowledge and information in order to help them better protect their organisation data and focus effort and resources in the right areas. In addition to this, are organisations spending their precious funds wisely and in the ‘right’ places to ensure the ‘right’ data receives the ‘right’ level of focus in the backup and recovery funding pot? With limited funds available to secure important data, ensuring the most critical data is backed up in the most effective and secure way ahead of less critical data that may be on the same server can be a challenge. Backing up all data may not be the ‘right’ solution when only some of it is deemed business critical. In doing so, an organisation may be making the recovery of its critical data much harder and it would take much longer to achieve!