Staying Resilient in Today’s Threat Environment

Richard Long

With the increasing prevalence of IT hacks, intelligent business owners are becoming more aware of the importance of Business Continuity as a business skill. Staying resilient can determine the longevity of a business in today’s world. 

How many quotes about failing or falling have you heard?

“Every adversity, every failure, every heartache carries with it the seed of an equal or greater benefit.” – Napoleon Hill

“Our greatest glory is not in never falling, but in rising every time we fall.” – Confucius

“You drown not by falling into a river, but by staying submerged in it.” – Paulo Coelho

Hardship is a common feature in life and business. As something that is often unexpected or unplanned, this is something we talk about and plan for as Business Continuity providers. When something unexpected occurs, that does not mean we have failed as BC professionals. Only if we do not have some form of plan, strategy or contingency in place have we failed.

In many ways, the unexpected is the new normal. No one can be expected to have every possible situation identified or remediated. We can, however, have both general and comprehensive contingency plans prepared and people trained in how to respond. That is the difference between us and machines; we are flexible and adaptable.

Best Practices for a Resilient Business

Business Continuity planning has become even more important given the varied nature and timing of potential outage events. As we have become more dependent on technology and have abstracted processes and tools, even the “technical” people do not always know the details of how environments work. Consider cloud-based solutions. Your IT team is not familiar with the details of the server, storage or network architecture; that is for the provider to manage. Even in environments controlled by the IT team, those managing and configuring the applications do not necessarily understand the underlying infrastructure. Hence, unplanned, self-inflicted outages occur on a regular basis. Airlines have had several over the past months.

We know of a company whose core business system was down for multiple days, impacting both internal business processes and customers. While we plan and prepare for external influences that may cause outages, in today’s environment the reality is that internal risks are more likely to cause outages than those that are external.

Business Continuity should be more than just disaster recovery; it must consider availability as well. Organizations should remember that recovery and availability are different concepts. This means you should structure them differently. Consider the requirements as a continuum and not separate processes.

Establishing a Culture of Continuity

In order to ensure that organizations are prepared, Business Continuity activities should be part of the overall culture. The processes, activities and support technology available and/or recovered when an outage occurs should be part of the conversation anytime change occurs. It’s important to understand the length of time that a process or activity can actually be unavailable or impacted. Don’t leave this up to best-case scenario assumptions. This should not be just a number derived from a Business Impact Analysis, nor should your recovery time objectives be dictated or determined by your technology. It’s important to accurately identify availability and/or time to recovery requirements through business analysis and testing, for both over-protected and under-protected processes.

Potential troubles lurk around every corner, whether they stem from unexpected environmental mishaps, man-made attacks, or individual mistakes. Whatever happens, what really counts is how we react. How we react is directly correlated to the preparations, plans and information we have in place. In short, Business Continuity is a skill and concept everyone in an organization should have to some degree.

Working towards a more resilient business? Read our 4 Key Steps on the Roadmap to Resilience.

common insider threatsbenefits of a business continuity program