“We’re steadily moving toward a new normal where billion-dollar disasters are a regular occurrence,” says Emilie Mazzacurati, founder and CEO of Four Twenty Seven. “This combination of extreme weather events and growing pressure from asset owners and regulators is pushing a lot of businesses to look for a way to understand their exposure and start managing their risks.”
Environment-related risks dominate the report for the third year in a row, accounting for three of the top five risks by likelihood and four by impact. Extreme weather is again out on its own in the top-right (high-likelihood, high-impact) quadrant of the Global Risks Landscape 2019. The report can be downloaded here, or go to the WEF website for more information.
The Business Continuity Institute wins 'Best Association Video’ at the UK Association Awards
Yes, let’s pretend nothing has changed....
“The road has been there for 100 years and will continue to be there for many many years, decades to come.”
A report from Munich Re on last year’s natural disasters pointed to “clear indications” that man-made climate change is a factor in California’s wildfires.
Despite sensitive data being increasingly moved to the cloud, research carried out by Databarracks reveals that over 60 percent of organisations have not evaluated the business continuity risks for their cloud services over the past year.
From a survey of 400 IT professionals, only 40 percent of organisations have evaluated the business continuity risks for their cloud services in the past 12 months. 17 percent of businesses have no plans to address this over the next 12 months. Further to this, almost a quarter (23 percent) of organisations admit to not having backup or recovery capabilities in place, beyond the standard default options offered by their cloud provider.
Cloud failures - both major and minor - are inevitable. What is not inevitable is extended periods of downtime or unacceptable data loss caused by any resulting service outages.
Jonathan Meltzer examines four different options for ensuring application-level continuity through high availability and disaster recovery provisions in a hybrid or exclusively Azure cloud environment.
The increasing dependence of organisations on applications in the cloud has made it more challenging for privacy, risk and business continuity executives to satisfy themselves that they are complying with privacy and resilience regulations.
Hear from experts address the issues that arise when things go wrong. They will work their way through a realistic scenario, that worsens over time.
We will present the perspective of an APRA regulated user, a cloud services provider and the regulator.
There will be plenty of opportunity for questions and networking at this interactive and stimulating session. Drinks will be served at the conclusion of the session.
Business Cloud News | June 9
Nick Hawkins, Managing Director EMEA of Everbridge, discusses how in crisis situations organisations can use cloud-based platforms to communicate with employees anywhere in the world to identify which employees may be affected, communicate instructions quickly, and receive responses to verify who may be at risk.
If you’re like most chief information officers (CIOs), you may be feeling a sense of uncertainty and unpreparedness when it comes to dealing with cyber threats. And the truth is, you likely have good reason to feel that way.
“Cyber attackers are more organized and sophisticated than ever,” stated KPMG’s Steve Bates. “They’re using better tools and have greater access to funding — be it from competing corporations, rogue nations, or activist groups. These cyber criminals have the commitment and the means to breach and inflict significant damage to almost any company.” Read more
A lengthy, but fascinating story on the NotPetya attack:
"In those physics, NotPetya reminds us, distance is no defence. Every barbarian is already at every gate. And the network of entanglements in that ether, which have unified and elevated the world for the past 25 years, can, over a few hours on a summer day, bring it to a crashing halt."
Welcome to the September edition of the Continuity Matters Newsletter!
As Florence bears down on the coast of North and South Carolina, it is a salutary reminder of the power of nature. There are 56 data centres in North Carolina and 11 in South Carolina. Apple, AWS, Google, IBM all have data centres in the area. Facebook has a 30,000m2 data centre (that’s 7.5 acres!). See here for a listing. The full impact of the storm is unknown – but the predictions are ominous. Authorities are expecting lengthy power outages and extensive flooding.
We have compiled some very interesting articles that discuss the key resilience issues facing data centre and cloud providers in the face of this enormous storm.
Don't forget to reserve you seat for our upcoming seminar in October!
Continuity Matters' Upcoming Seminar – “Compliance Without Control”
The increasing dependence of organisations on applications in the cloud has made it more challenging for risk and business continuity executives to satisfy themselves that the applications will be recoverable in the event of a disruption.
If your organisation has deployed critical applications to the cloud, how will you assure yourself (and possibly the regulator) that your systems are recoverable in the time and manner you require?
Hear from experts address this issue and work their way through a realistic scenario. We will present the perspective of an APRA regulated user, a provider and the regulator.
There will be plenty of opportunity for questions and networking at this interactive and stimulating session. Drinks will be served at the conclusion of the session.
Hit by the Azure outage? Watch out for Hurricane Florence!
“With Hurricane Florence bearing down on the Southeast US as I write this post, I certainly hope if your data center is in the path of the hurricane you are taking proactive measures to gracefully move your workloads out of the impacted region. The benefit of a proactive disaster recovery vs a reactive disaster recovery are numerous, including no data loss, ample time to address unexpected issues, and managing human resources such that employees can worry about taking care of their families, rather than spending the night at a keyboard trying to put the pieces back together.”
Lessons learned from past disasters
Robby Hill, founder and CEO of HillSouth, a Florence, S.C.-based managed services provider, told CRN: "During Matthew, we found we didn't have enough backup power for our office building, since then, we have implemented and tested our power. After Matthew, we were stuck with portable generators. Now we have one installed in our building. Matthew tested us. We were out of power for a week."
Weather report
We can’t say we were not warned. Earlier this year, the World Economic Forum published the Global Risk Report 2018. On page 3 of the report, the Global Risks Landscape 2018 chart had 6 out of the 7 most likely and impactful risks attributable to climate change. This assessment has proved to be scarily accurate.
Why using the Potluck approach is a risky strategy
Many organisations make no formal workplace recovery arrangements for crisis management and the recovery staff. Many hope that their offices will never suffer a disaster and even if they do – intend to use the “Potluck” approach and go to a hotel if the need arrives.
We believe this is a risky strategy - and here's why.
Many organisations make no formal workplace recovery arrangements for crisis management and recovery teams. Many hope that their offices will never suffer a disaster and even if they do – intend to use the “potluck” approach and go to a hotel if the need arrives.
Taking the “Potluck” approach is very common and fraught with risk. It has five main weaknesses:
It assumes that there will always be suitable hotel accommodation when you need it. Often that is a reasonable assumption, but what if your crisis occurs during a very busy period during a major event in your city - eg Formula 1, the Australian Open, Racing Carnival, Global Rotarians Convention in town etc?
If your offices accommodate a large number of staff, it is likely that most will be asked to work from home. However, it will be essential to accommodate your recovery team in the one location. You will need to make critical decisions under duress and be able to discuss matters many issues that are time sensitive and/or confidential. This can only be done if your recovery team is housed in the one secure location.
It also assumes that your firm is the only one impacted by the crisis. What if there is a crisis that impacts a whole city – eg Brisbane floods, Sandy in New York etc? During these periods, hotel accommodation becomes rare and if available, very expensive.
Not having a reserved workplace weakens the benefit of exercising your recovery. The purpose of exercising is for your crisis management team to quickly and efficiently become operational. If the teams exercise in a different hotel every year or actually need to recover in an untested hotel, your organisation’s recovery time will be slower.
Our reliance on technology is increasing every year. To make your crisis team productive quickly, they need reliable access to computers, networks and your applications in a reliable and secure manner. If your computers are lost, where and how will you secure your replacement computers? If you have never tested the technical infrastructure of a hotel you are unfamiliar with, how much recovery time will be wasted by getting the technical infrastructure stood up?
To avoid these traps, make sure you have secured a workplace recovery solution.
