29
Nov 17

Continuity Central – Common trends and weaknesses in crisis preparedness and business resilience

Victoria Cross, managing partner, Instinctif Partners’ Business Resilience team, discusses the top trends which have emerged from the company’s CrisisOptic and RecallOptic online diagnostic and benchmarking tools over the past year.

In the year since the CrisisOptic and RecallOptic tools have been available, we have helped over 50 businesses and organizations to quantify their business resilience. Three areas have emerged as common weaknesses in crisis preparedness and business resilience strategies and the following article looks at these in turn:

Post-incident review is a weak area

A score of 100 percent is the highest that can be achieved in each category measured, with the Review category (conducting and learning from a post-incident review) being identified as the most common area of weakness. Many of the companies obtained a low score in this area, with some even scoring zero. The average score was 50.7 per cent.

Interestingly, although overall it might be expected that larger companies would generally score more highly, size has not proved a clear indicator of preparedness. In fact, we have seen both global brands and small manufacturers scoring zero in this category.

More of the Continuity Central post


09
Nov 17

Continuity Central – Cascading effects and escalations in wide-area power failures

A new academic paper has been published that looks at the cascading impacts of wide-area power outages. Supported by London Resilience, the paper has been written by the Cascading Disasters Research Group of UCL’s Institute For Risk And Disaster Reduction.

‘Cascading effects and escalations in wide-area power failures’ aims to “provide a synthetic overview of the cascading effects caused by wide-area power failures, and to define the recurrent impacts and sources of escalation.”

The format uses bullet points and examples to facilitate reading in conditions of limited availability of time.

More of the Continuity Central post


07
Nov 17

ZDNet – SaaS, PaaS, and IaaS: Understand the differences

Understanding the cloud is critical to the future of business. Here’s a brief explanation of the three layers by which cloud services are delivered.

Cloud computing is one technology moving faster than almost all others toward becoming table stakes in enterprise IT. In 2017 alone, the public cloud services market is predicted to grow 18 percent, hitting a value of $246.8 billion, according to research firm Gartner.

Understanding the cloud can help business leaders make more strategic investments and remain competitive going forward. Cloud clarity starts with understanding the model itself.

As a service
According to 451 Research analyst Carl Brooks, for a technology solution to qualify as “as a Service,” it has to meet the National Institute of Standards and Technology (NIST) definition parameters, which he paraphrased as “self-service, paid on-demand, elastic, scalable, programmatically accessible (APIs), and available over the network.”

More of the ZDNet article from Conner Forest


01
Nov 17

Continuity Central – PwC survey highlights massive corporate planning failures when it comes to cyber security

44 percent of the 9,500 executives in 122 countries surveyed say they do not have an overall information security strategy; 48 percent do not have an employee security awareness training programme, and 54 percent don’t have an incident response process.

PwC has published its 2018 Global State of Information Security Survey (GSISS).

Executives worldwide acknowledge the increasingly high stakes of cyber insecurity. 40 percent of survey respondents cite the disruption of operations as the biggest consequence of a cyber attack; 39 percent cite the compromise of sensitive data; 32 percent cite harm to product quality, and 22 percent cite threat to human life.

Yet despite this awareness, many companies at risk of cyber attacks remain unprepared to deal with them. 44 percent say they do not have an overall information security strategy. 48 percent say they do not have an employee security awareness training programme, and 54 percent say they do not have an incident response process.

More of the Continuity Central post


31
Oct 17

ZDNet – DIY-IT guide to disaster preparedness: Because it’s always something

2017 has been an extremely difficult year for much of North America. We were hit with hurricanes Harvey, Irma, and Mary in the southeast, and wildfires through much of the west. Other regions suffered their own disasters and challenges, as well.

Hurricane risk blankets the southern and eastern coasts. Landslides occur anywhere the ground is too soft with too many rainstorms. Even in areas not normally subject to coastal hurricanes, heavy rains can cause catastrophic flooding. High winds and atmospheric conditions cause tornadoes, particularly through the middle states. Tectonic fault lines slice through the core of of our nation, causing small and devastating earthquakes.

More of the ZDNet article from David Gerwitz


30
Oct 17

Continuity Central – Future business continuity: how technology and strategy improvements will impact the profession

The business world is facing a period of rapid change with various emerging technologies, especially artificial intelligence and machine learning, expected to fundamentally change the structure of organizations and society. How might these developments impact the business continuity profession? Charles Boffin makes some suggestions…

Everyone agrees that business continuity will be changing over the next few years and into the foreseeable future; but, as with any other changing landscape, the future is never a specific of finely shaped object: it is a vision. For business continuity, the end vision is a fully resilient environment which means that things don’t fail and, if they do, they are resolved immediately with no loss of service. This general view of the future of our profession is fine as we build our technological credentials and capabilities, but there are three prime movers involved, and each requires a different response:

1. External factors that can be forecasted

This covers issues such bad weather, demonstrations and civil unrest, economic factors, viruses (human!) and other aspects where we can see events unfolding or likely to happen in a given place. In these cases, responses can be planned and contingencies created.

More of the Continuity Central post


26
Oct 17

Continuity Central – Key trends in business continuity invocations

ach year Sungard AS publishes a summary of its business continuity service invocations, providing useful insights into incident trends. Here Daren Howell presents four key trends from the most recent data.

It’s easy to take for granted or forget the extent to which our lives now rely upon technology that is always on. Every now and again, however, something happens to remind us of this reliance and it’s often an uncomfortable situation for everyone involved. As IT environments become increasingly complex, unfortunately these types of incidents are only going to increase.

Over the past few years, there has been a steady uptick in the number of instances that businesses have required recovery services, reversing what was a long-established downward trend. Businesses are facing an evolving threat landscape, with the increase in malicious cyber attacks, alongside changing working habits that have seen more flexible approaches to the workplace environment and the infiltration of different and more complex technologies such as Artificial Intelligence and the Internet of Things. It’s perhaps, therefore, unsurprising that the need for recovery support is on the rise, however it is not always for the reasons you would expect.

More of the Continuity Central post


07
Sep 17

Continuity Central – Crisis preparedness and its impact on shareholder value

All commercial organizations operating in the digital era exist within a challenging landscape. Underlying trust is weak; expectations of good, transparent governance are high; and acceptance of failure is low.

At the same time, communicating with stakeholders is becoming more complex as traditional addressable audiences fragment into ever-evolving, always-online socially-connected communities, guaranteeing that issues and crises play out very publicly and swiftly.

To navigate these challenges successfully and to protect value for shareholders as companies grow, it’s vital to enhance business resilience. Reducing risk and building trust should be as important as innovating and pursuing operational excellence.

What is a crisis?

The British Standard for Crisis Management (BS 11200:2014) defines a crisis as “An abnormal and unstable situation that threatens the organization’s strategic objectives, reputation or viability.” Understanding this definition is vital in helping an organization to prepare itself to deal with a crisis. Through worst-case scenario planning, organizations can identify what abnormal events they could be exposed to, the impact of abnormal events on the ability to execute strategic objectives, and the damage that could be caused to reputation and viability.

More of the Continuity Central post from Robert McAllister


09
Aug 17

Continuity Central – To BIA or not to BIA is not the question…

Continuity Central recently conducted a survey to seek the views of business continuity professionals on whether it is feasible to omit the business impact analysis (BIA) from the BC process. Mel Gosling, FBCI, explains why he believes this is the wrong question to ask…

The Big Picture

It’s always useful to step back and see the big picture, and with the question of ‘To BIA or not to BIA?’ this bigger picture is that the BIA is an integral part the business continuity management (BCM) process specified in ISO 22301 and promoted by business continuity professional associations such as the BCI in its Good Practice Guidelines. Rather than looking closely at the detailed question, we should look at the bigger picture and ask ourselves whether or not we should use this specific BCM process at all.

More of the Continuity Central article


27
Jul 17

SearchDataCenter – Distributed data centers boost resiliency, but IT hurdles remain

Distributed data center architectures increase IT resiliency compared to traditional single-site models, with networking, data integrity and other factors all playing critical roles.

Architectures that span distributed data centers can reduce the risk of outages, but enterprises still must take necessary steps to ensure IT resiliency.

Major data center outages continue to affect organizations and users worldwide, most recently and prominently at Verizon, Amazon Web Services, Delta and United Airlines. Whether it’s an airline or cloud provider that suffers a technical breakdown, its bottom line and reputation can suffer.

More of the SearchDataCenter article from Tim Culverhouse