Daisy’s Les Price took a five-minute breather from helping our customers, to share his expert business continuity provider perspective on the COVID-19 outbreak. Here’s what he had to say, and you can download the full CIR Magazine article below, with additional industry insight.
What’s your take on how different the response is this time compared with the last pandemic?
The scale, speed and severity of the COVID-19 threat is far higher than that of previous pandemics we’ve experienced, and the response measures across the board have been scaled-up. The UK has not seen this level of event since World War II. We have panic buying, infrastructure closing, lock-downs – the level of risk is unparalleled, and the knock-on effects are where the most significant risks will ultimately arise.
Since the last pandemic, we have experienced a change in the use of our dedicated work area recovery services, with many customers using their suites frequently and for various reasons, not just for emergency use. This has contributed to a better, more coordinated response from customers using our services now to split critical teams and manage risk. For Daisy, our business continuity plans are in full-swing both for our business as usual and specifically, to enable us to continue to meet our service obligations to our contracted business continuity customers.
What’s going to be different in the coming weeks – or even months?
From now, it’s all about the tech. Even the most well-prepared organisations are on the brink of the great unknown. It is unlikely many organisations have tested their remote-working capability to the extent of having all staff, working from home, for an extended time. Initially, IT departments will be busy juggling secure access to applications over the internet to relieve the strain on corporate networks. They will need to monitor all devices to keep users and the company infrastructure safe, as well as working to ensure the technology is delivering the expected levels of productivity for the business. Cybercriminals will inevitably take advantage during the outbreak. There is going to be a huge increase in the number of attack vectors, caused by home working, disrupted processes, quickly introduced IT systems and so on. Security is going to need particular focus throughout the pandemic.
Why are the network and cyber risk huge concerns?
Internally, our pandemic response to the extensive homeworking requirement for our staff has been well-managed and comprehensive, we have been able to increase capacity to accommodate everyone who is physically able to from home. The same is true for many of our contracted business continuity customers, who have planned and tested a pandemic response, and for organisations that have already optimised their infrastructure for remote users. Even though needing to use these plans in practice is never the same as a rehearsal situation (you know what they say about ‘best-laid plans’!) – we can see that the planning pays dividends with an organisation’s ability to work through the reality of the situation, with prepared staff following tested processes.
At the same time, we have dealt with many organisations who were unprepared for the requirement to significantly ramp-up their remote-working capability and are experiencing issues with their capacity. We have also seen organisations who were unprepared for homeworking at all, having never had the need to consider it as an option for staff. These organisations are now having to implement solutions at pace, making quick decisions and doing the best they can with the technology available to enable staff to be able to continue to work, during periods of self-isolation or lock-down. Of course, remote working has its own set of risks, and deploying technology in a short timeframe for use during a pandemic, dramatically increases exposure to those risks as well as increasing the pressure on IT.
We have solutions in our portfolio that meet the security control and regulatory compliance needs for a remote workforce. These include all the things organisations need to protect their existing IT infrastructure: breach detection and behaviour analysis, backup and restore capability, incident management and continuous data protection, and so on. This is all well and good when an organisation is already set-up for remote working. But, for organisations unprepared in terms of hardware and connectivity, it represents a further outlay on-top of the costs of buying, configuring and deploying new hardware and bandwidth.
What is your prognosis on the resilience of companies in the UK when it comes to IT continuity challenges of this magnitude?
From our experience and knowledge of the industry, it’s likely to be a mix of success stories, epic failures and muddling-through. I see this hinging on four core factors.
Firstly, the maturity of the organisation’s business continuity management planning.
Secondly, the organisation’s stage on their digital transformation journey. To illustrate these factors, we currently have our availability services teams busy working with our contracted business continuity customers while the rest of the business works to deliver technology and solutions to those businesses who are less-prepared.
Thirdly, the element of time. Unlike most disruptions where a percentage of business-critical staff can sustain operations for a given time, there is a concern that we are potentially facing months of disruption. An organisation’s resilience will depend on how well they will be able to manage and embrace change and adapt. This will literally be something that only time will tell but previous long-term invocations have shown us that the more time passes, the harder it is to keep control of the business and sustain values, culture and ultimately, revenues.
Lastly, the most important factor, is the people factor – and this is the most intricate, sensitive and unknown element. We are all dealing with the threat of COVID-19 on an individual level; no two people and their environments and experiences will be the same. Multiply this uncertainty by the number of staff you have. It’s an unprecedented event for modern businesses. One certainty is a long-list of lessons-learned for everyone.