The disasters that figure in the headlines change from day to day because the media love novelty. The events that cause business the most problems year after year tend to be the same because that is how the world actually works. In today’s post, we’ll give a rundown of the five threats that most commonly impact organizations.
Related on BCMMETRICS: One-Two Punch:
The Two Problems That Cause the Worst BCM Failures
The 5 Biggest Threats
It has been an eventful two weeks since my last blog post.
In that time, the Northwest and Canada were struck by record-breaking heat, the ship that plugged up the Suez Canal (crimping supply chains around the world) was finally cleared to leave Egypt, a condo in Florida tragically collapsed, the season’s first hurricane developed, the COVID pandemic lingers on, and the latest ransomware attack out of Russia crippled 1500 businesses.
While the news cycles along, the actual threats that cause the most problems for business continue along on their own track.
Some of these overlap with the headline news, some never make the news at all.
From the point of view of watercooler talk, some might not be very interesting.
From the point of view of business continuity, they all present serious risks and routinely cause grave impacts.
Here’s the list of common business continuity threats as it looks to us in the summer of 2021:
This is a case where the news of the day and reality line up. Cyberattacks are possibly the leading threat to business today. The most common types are ransomware attacks and data breaches. In a ransomware attack, hackers gain access to an organization’s computer network, encrypt the data, and demand a ransom to provide the decryption key. Recent examples (besides this week’s supply-chain attack by the Russian hacker group REvil on customers of Kaseya) include the high-profile attacks on the Colonial Pipeline and JBS meat-processing company. In a data breach, cybercriminals steal customers’ confidential data and information and sell or exploit it.
We lavish attention on technology, but it’s often human error that causes the biggest problems. This often happens because staff aren’t trained sufficiently. Whenever somebody downloads an unauthorized application infected with malware or provides their password in response to a phishing email, the problem is a cyberattack, but the underlying cause is human error. Let’s face it: even well-trained people can make costly mistakes. If people are tired or having difficulties in their private life, the chance of them messing up can soar. Minimizing human error takes smart, sensitive management and a solid commitment to ongoing training. It’s completely unglamorous and totally essential.
What happens when there aren’t enough people on hand to do the work? Nothing happens. Which is exactly the problem. You could say we dodged a bullet during the COVID-19 pandemic in that there were few reported cases where companies couldn’t function because too many employees were out sick with the virus. But such shortages are happening now as businesses are reopening and can’t find people to fill vacant positions in key service and operational roles. This exposes the business to greater risks due to lack of resources and overworked employees. There is a higher potential for critical errors that could disrupt the business.
Single Point of Failure
The SPOF can be technological or human. It’s any critical aspect of the company’s operations for which there is no redundancy. The critical component could be a router, a server, a piece of lab equipment, or an individual who is the only person at the organization who knows how to perform a critical process. Wise businesses identify their SPOFs and create redundancies for them.
Internal Business Risks
Some businesses perform functions that are associated with inherently high risk. Taking care of sick people is risky. So is refining oil, running a utility, manufacturing chemicals, conducting high finance, and building large structures. Organizations in these fields face higher than average operational risks. Their BCM challenges will always be above average. Their BCM programs should be above average as well in order to match their level of operational risk.
These are the five most common business continuity threats organizations face today. Some are notorious; all are serious. The conscientious BCM professional will take steps to protect his or her organization against all of them.
Gaining Resilience, Protecting Your Stakeholders
The headlines are one thing and the issues that cause real problems for organizations are something else. Sometimes the two overlap, as in the case of cyberattacks. More often issues that can cause crippling problems for an organization are of interest only to the people who work there. There are a few things we know for certain: life involves risk, organizations are vulnerable, and a sound business continuity management program can help your organization gain the resilience it needs, so your stakeholders get the protection they deserve when they face common business continuity threats.
For more information on common business continuity threats and other hot topics in BCM and IT/disaster recovery, check out these recent posts from BCMMETRICS and MHA Consulting:
- Single Points of Failure: Protecting Yourself from Hanging by a Thread
- What BC Professionals Can Do to Help Guard Against Cyberattacks
- Money Matters: The Importance of Being Financially Prepared for a Business Disruption
- One-Two Punch: The Two Problems That Cause the Worst BCM Failures
- The Corporate Supply Chain: BCM’s Ticking Time Bomb