The thought of IT failure disrupting your organisations ability to access client or corporate information or for that matter, operate at all fills every business owner with sheer dread. Not only does this risk carry big financial implications but also reputational damage, risking your customers leaving in droves directly into the arms of your competitors.
A significant proportion of companies do have a strong focus on backup and Business Continuity however the focus is primarily on recovering the infrastructure and resuming normal operations in case of a disaster. This leaves the question are businesses investing in security and resourcing to guard against loose of business critical services and more importantly data loss?
Statistics state that 20% of all companies will at some point in time suffer from fire, theft, the unpredictability of Mother Nature, terrorism or hardware/software faults. Frightening is that of those without a business continuity plan, a staggering 43% will never re-open, 80% fail within 13 months and a shocking 53% of claimants will never recoup the losses incurred by a disaster.*
The figures highlight that there are still far too many businesses ill prepared should an IT disaster strike. There could be multiple factors for this such as resourcing issues, having the necessary expertise right down to not being able to choose the right insurance policy because it doesn’t provide the guarantees of paying out in certain scenarios.
Putting in place a Business Threat Management or Business Continuity Response which ensures your IT can operate after an incident doesn’t have to cost the earth. It will however, if undertaken correctly, save your business from lost time, loss of sales and the ability to conduct business as normal.
IT failure does not only come down to just infrastructure issues. It is important to consider any threats that might impact your IT operation, ranging from internal threats, for example the human error, the accidental deletion of business critical information or entering the wrong data, a regular process that goes wrong, (Well known banks have suffered from such failures causing disruption to daily transactional processing), or a malicious attack coming from inside your boarders. Each an every one of these threat vectors requires different members of your IT team to respond, network, security, DBA’s, but all rely on a robust and planned security response plan to restore critical business infrastructure and systems as quickly and safely as possible.
External risks to your IT system are also rife, have you considered your options if you were subject to a Denial of Service (DoS) attack, ransom ware and complete takeover of your IT assets? Believe it or not, all of these will have the same devastating effects on your business as hardware or software failure. Just take the example of a well known County Council shutting down their entire network in response to such as attack.
What would you do if you went to bed with a fishing business website to wake up and find out your site was now supporting some form of criminal activity? It’s happening every day.
Surprisingly, these external and internal issues are often over looked, yet they really can have disastrous consequences if they are not considered and planned into a Business Threat Management or Business Continuity project.
The key to Business Threat Management is understanding that you can’t stop every attack, which may come from and internal or external source, so planning to ensure that your business is not exposed where it doesn’t need to be and mitigating the threat when it has to be. It needs a “corporate” response.
Just think for a moment, if an attack that affected your users or breached your data happened to you, would you know how to respond to the press if you were approached? How would you release information to your clients? How would you financially plan for this event? A major broadband provider latest cyber-attack showed that even a large IT user was unable to confirm to customers for a period of two weeks that their data was compromised.
Don’t miss next week’s blog post where Dave Shearman from Security Dialogue explains about where cyber threats are coming from and what security measures you can take to defend your business.