By conventional standards, business continuity cannot exceed one hundred percent. Business continuity of less than 100% is obviously possible, although measurements of just how much less may only be approximate. However, if everything is working properly, full business continuity has been achieved. Does it make sense to then talk about ‘fuller than full’ or a business continuity index that is more than 100%?
Most people are visually oriented when it comes to taking in information. They also prefer analogue displays to digital ones. In other words, when it comes to understanding risk as part of business continuity, they like colours and graphics, rather than numbers in a spreadsheet. That makes the risk heat map a popular choice for presenting summary risk information to non-risk experts or senior management. Typically, areas in red on the heat map indicate the biggest risks and areas in green the smallest/most acceptable risks. But is this approach in fact too limited?
The ‘fail faster’ mantra in business has polarised opinion. Some people swear by it, saying that by trying many new ideas rapidly, businesses are more likely to find a good one faster to help them be successful. Other people swear at it. They say that ‘fail faster’ is a hollow fad, irrelevant or worse still dangerous to the way business is done today. Yet others claim that it’s a problem of terminology: the word ‘fail’ is being used in a situation where the real goal is ‘succeed’. With high profile companies like Amazon apparently using a ‘fail faster’ approach to increase market share, business continuity managers need to know whether this approach is good or bad for their own organisations.
No enterprise is immune to bad ideas. Some of them can be spectacularly bad, like deserting loyal customers in order to chase new markets that never materialise, or betting the company on a technology that never actually works. A company can have everything going for it and still get it wrong. The case of Webvan with its e-tailing advantages of lower costs and better services targeting the wrong customer group is just one example. However, this kind of failure is not caused by one bad idea alone, but by one bad idea being accepted and pursued by the organisation overall. In other words, it’s groupthink, a frequent enemy of business continuity.
Let’s suppose you want to fill a position in your organisation by hiring an emergency manager. The role of this person is to coordinate the actions of different services responding to a sizable disaster, to translate strategy into tactics, and to keep senior officials or management informed of the situation and progress towards resolution. So far, so good – except this kind of person, or experience, doesn’t grow on trees. However, it is a role that is needed in many public sector areas, including utilities, health, education, airports and port authorities. You could place an ad asking for candidates, but what do you then need to know to evaluate applications?
Building a lean, mean supply chain machine is the dream of many organisations. On the face of it, lean sounds like a good idea. By streamlining and simplifying processes, and by cutting out flab and wastage, enterprises can boost productivity and profitability, and of course end-customer satisfaction. Just the muscle without the adipose layers is the goal. Companies aim for ever fewer suppliers, fewer product touch points and faster operations. Yet there comes a point where a supply chain starts to look more like a skeleton than a living, evolving business organism. It is at this point that the slightest shock to the system can break it. In other words, the fragility of your supply chain becomes a major risk for your business continuity.
Our world may be turning more digital by the day, but that doesn’t necessarily make things any more certain. Such is the situation with threats against computer systems. The attack tree is an invention designed to help assess the possibility of an attack occurring, and from that the probability of one attack compared with another. The intriguing feature of the attack tree is the possibility to assign money values to different attack paths and thence to gauge your organisation’s vulnerability to one or the other.
You could leap onto your desk, wave both fists in the air, and scream ‘Why, why, why?’ You could organise a whip-round in your company and invite colleagues to give generously to ‘help save our business continuity’. You could even just accept the cut. After all, whose budget isn’t being cut nowadays? Tempting as these options may seem, they do however suffer from (at least) one major drawback. They are unlikely to get your business continuity budget reinstated in full afterwards. You need a better plan. One that can see you through a rough period, help you get your budget back to where it should be, and even prevent a cut in the first place. Read on for further details.
Within the next five years, the number of people connected to the Internet is forecast to rise to over 7 billion. The number of things hooked up to the web is projected to be around 50 billion. While the Internet of Things (IoT) still has to fulfil certain promises, the base is already there. From wearable fitness trackers to office building intrusion detection, the range of items being linked to the web is already wide. The natural and growing reflex is to consider the risk involved and appropriate risk management. But which kind of risk are we talking about?
If you are familiar with IT security testing for organisations, you have probably heard of the concept of a kill chain. This is a route by which an attacker can achieve a given goal (steal data or sabotage an IT installation, for instance). Kill chains, as their name suggests, are composed of several links or stages through which an attacker moves to home in on the target result. As efficiency as well as effectiveness is part of business continuity, why reinvent the wheel? The kill chain could provide insights here as well.
The Ebola crisis, also a pandemic because of cases in different countries, has hit the nation of Sierra Leone the hardest. National and international health teams have worked round the clock to contain the disease and prevent new outbreaks. Pharmaceutical companies have ramped up efforts to develop new vaccines. Sierra Leone counts almost 12,000 people infected, with the increases in both city and travelling populations being major contributing factors. Recently, the Ebola response team in Sierra Leone tried a new tactic that was in stark contrast with previous measures. The tactic could be summed up in one word – Don’t!
IT security managers and IT teams can install the latest antivirus software and firewall appliances to protect their computers and networks. However, there are also other signs to look out for, which software and hardware products are not always smart enough to see. Human beings on the other hand are naturally gifted in spotting strange behaviour. When patterns change or get disrupted, we notice. Here’s a checklist of ‘indicators of compromise’ to look out for, where changes might indicate an IT security attack in progress.
There is an old joke in sales that things would be great if it wasn’t for the customers. Of course, it is the customers that buy and that keep salespeople in a job. More generally, people accomplish tasks, do projects, have ideas and help to run businesses. Business continuity is inextricably bound up with people. They may be unpredictable as individuals, but display rather more predictable behaviour when grouped together. Predictive analytics has already been growing as a method of forecasting market conditions, economic trends and environmental developments. Increasingly, these techniques are also being applied in cases where people have a direct impact on business continuity.
Information technology has certain features that make it possible to calculate probable dates of demise. It’s all digital, with a finite number of bits and bytes, and calculable error rates. As disk storage capacities increase, technologies viable today may run out of steam tomorrow. They cannot scale forever. Unlike vinyl records in the music industry or Polaroid cameras (a bit of a cheat) that were written off, but then experienced a resurgence in their markets, when a disk drive is dead, it’s dead. Here is the thinking behind the disturbingly precise estimate that by 2019, RAID 6 drives should no longer be part of the IT landscape or the disaster recovery scene.