People in business continuity talk a lot about black swans: unexpected events that come from outside normal experience and have strongly negative effects.
Black swan events are definitely worth thinking about and being prepared for due to their potentially catastrophic impacts.
However, in today’s post, we are going to talk about the opposite of black swan events. Some people refer to such events as white swans, but I am going to refer to them as “7 Bad Things That Are Likely to Happen This Week.”
These are negative events that I think actually have a high likelihood of happening to some organization somewhere in the coming week—or at any rate, they are things that happen fairly frequently, having a negative impact each time.
If one of these common business continuity threats happens to your organization, will you be ready?
Here’s my list:
7 Bad Things That Are Likely to Happen This Week
- An organization somewhere will suffer a cyber breach. The cyber event will likely involve one or more of the following: ransomware, a denial of service attack, a phishing attack, malware, or an active attack exploiting network security vulnerabilities. For more on cyber breaches and how to protect yourself against them, see these two recent posts: “Email Security: How BC Professionals Can Help Their Companies Stay Safe” and “Staying Safe While Browsing the Web: How You Can Help Protect Your Organization.”
- An organization will suffer losses caused by a breakdown at a single point of failure. This could involve technology, such as a single server or single network device, or a person who is the only one possessing certain specific knowledge or expertise. The organization affected might have been aware of the single point of failure for some time (and been putting off dealing with it), or they might be completely surprised to learn of it.
- An organization will be impacted by the unavailability of a key vendor-provided service. Generally, the resiliency of SaaS and IaaS solutions is high, but many organizations that rely on these for critical processes have no true backup solution. It’s likely that at some organization somewhere in the coming week, the unavailability of a third-party service and the lack of a viable backup or workaround will cause a significant impact to some business process. This could also include the loss of a critical vendor or supplier of products, since many organizations are reliant on a single vendor with no true alternate source for the product.
- An organization will be affected by a regional infrastructure outage. All right, this one isn’t too likely to happen over the next week—but power outages are on the rise nationwide. And the chance of a region-wide outage occurring is increasing as hostile countries refine their ability to target the U.S.’s power grids and computer networks. (For details, see this recent New York Times article.) Such outages can affect power, internet, water, phone and other utilities. The loss of these services could impact your ability to use your facilities or implement your relocation strategy. Many companies’ workarounds and recovery solutions depend on cell phones and the internet. If those services go down, the workarounds will no longer function. Backup power generators are unlikely to be able to provide sufficient power to the necessary work spaces in buildings or locations. People working at home in accordance with the recovery plan are unlikely to have backup generators.
- An organization will suffer an impact due to the lack of appropriately trained staff. This is different from having a person as a single point of failure. This is about not having enough people trained and available to do critical tasks, especially during a crisis. This can make a bad situation worse. Many people who are designated as responsible for taking certain actions during an emergency are insufficiently trained or unaware of their responsibilities. And any event which impacts employees’ homes and families is likely to see many staff unavailable to carry out their roles in the recovery plan. For more information on the issue of staff unavailability, see our recent post, “The Neglected Side of Business Continuity: Problems Not Related to IT.”
- Individual components of an organization will fail. One or more apps will go down or there will be the loss of some people in a critical function. This is the most likely kind of failure to occur.
- An organization’s recovery will fail because it has not defined and documented its dependencies for processes and technology. Organizations typically define and document the obvious dependencies but overlook the hidden or automated processes. Technology examples include license services or servers and connections for dependent data or reporting. Process examples include exceptional situations which are necessary (just because a use case is not frequent does not mean it is not critical). Such gaps are a common reason that recovery plans do not work as expected.
You may never see a black swan, but the chances of your encountering one or more of the above situations are high. By being aware of the dangers and taking reasonable precautions, you can minimize the chances that the event will significantly disrupt your organization.