Horizon Scan 2012’

Horizon Scan 2012

A new ‘Horizon Scan 2012’ survey from the Business Continuity Institute asked 458 organisations across 49 countries to rate their levels of concern against a range of threats to their business, based on their own risk assessment.

The top five threats evaluated through risk assessment, based on those registering extremely concerned and concerned, are as follows:

• Unplanned IT and telecom outages – 74%
• Data breach (i.e. loss or theft of confidential information) – 68%
• Cyber attack (e.g. malware, denial of service) – 65%
• Adverse weather (e.g. windstorm/tornado, flooding, snow, drought) – 59%
• Interruption to utility supply (i.e. water, gas, electricity, waste disposal) – 56%

UK based respondents reflected the international response as did Australia, Canada, South Africa and the USA.  However, indicative responses from India were very different, with transport network disruption, social unrest and fire taking the top three positions.  In Japan, respondents put the threat of an earthquake and tsunami as their number one threat with an environmental incident and interruption to utility suppliers in second and third positions respectively.

In individual sectors, respondents in manufacturing picked supply chain disruption as their primary concern, followed by unplanned IT/telecom outage and a product safety incident. In the other industry sectors analysed, there was significant agreement in the threats that pose most concern in terms of data breaches, cyber attack and unplanned outages. In light of the high levels of concern going into 2012, the survey also asked about expectations on investment levels in mitigating these threats.  The results show that for 10% of respondents, investment levels will fall, while for 50% levels will be the same; only 25% can report increased levels of investment.

Human Mistakes…good advice

In the Sunday Times today in the Neal Ascherson article he quoted a guy who said “…As an engineer, I can tell you the root of all human mistakes. It’s people putting things right, before they have finished finding out whats wrong“. Quite a few disasters around the world currently where this maxim seems to apply! Libya…..Fukushima nuclear reactors in Japan.

Cunac likens it to the many businesses that start implementing solutions before they have fully understood the problem/issue.

Bit like focusing on tactics when the business strategy is unclear! We have seen that a few times unfortunately.

A day or two of Cunac analysis or consultancy support might be a good investment in those circumstances.

Or management just slowing things down and running some workshops and writing ideas down to create a plan that will work. With low risk.

Human Aspects Key to Business Continuity Success

One of the business continuity management (BCM) websites is that of Continuity Central and Cunac would like to point the attention of our readers to a recent posting on that website dealing with the human aspects of business continuity management.  The BCM information presented comes from a report generated from a recent Business Continuity Institute (BSI) workshop and best of all it is offered free of charge. The report details the following six (6) presentations from that workshop:

– Why Plan for People?
– So What is “Duty of Care”?
– People in BS25999
– Managing and Motivating during Recovery
– Psychological Impacts of Disruption
– Case Study – Bringing It All Together
– Along with the following three (3) discussion exercises:
– BCM and HR – Working Together
– People Issues as Drivers for BCM
– Top Tips for Recovery Planning

Cunac hopes you find this information valuable and useful in the support of your own organisation’s business continuity efforts.  Click here to download and read the full report

http://www.thebcicertificate.org/download/Workshop-Report-HumanAspectsofBCM.pdf

Do you Trust your IT System Backups?

As the saying goes, a gramme of prevention is worth a kilo of cure. Well, a backup or the process of backing up refers to making copies of data so that these additional copies may be used to restore the original after a data loss event. Backups are useful primarily for two purposes. The first is to restore a state following a disaster (called disaster recovery). The second is to restore small numbers of files after they have been accidentally deleted or corrupted. Data loss is also very common. 66% of internet users have suffered from serious data loss. So thats a generic view of the theory, what about the practice? !

Backup and recovery systems have been around since the beginning of the digital revolution. SAN type hard disk based systems have minimised or even removed the impact of tape backup systems, but even these solutions don’t address one, simple little problem. How do you know the backup is working? You need to TEST it.

Although in fact there is no one, or short, answer to this particular problem. The longer answers do tend to fall into two categories: Test everything; and check everything. By a huge margin, testing everything is the most critical thing you can do to ensure your backups are working the way you think they are.

The problem here is that testing is not a simple, “five minutes and you’re done” operation. While you can usually spot-test data integrity by restoring a few files each week in a limited amount of time, that’s not truly testing your solution. Restoration testing from multiple tapes and multiple disk systems to non-production servers is the best way to test file-level backups. While it is impractical to do that weekly, it should be done at least twice per year using different servers/data/tapes each time. This ensures that you will be able to recover from your tape/disk media to your servers properly, and that you’re not suddenly caught without the knowledge or software tools required when an emergency comes.

Full restoration of a server system should also be done at least twice per year if you are using a full-server recovery tool. This is more difficult than just restoring data, as you can’t do a full-server restore to a machine assigned to some other purpose day-to-day – you’d overwrite the required server with your test restore. This means you’ll need to have either spare physical machines or virtual servers in order to create temporary systems for use in the testing process. Many organisations refuse to budget for these types of tests and testing hardware, and find themselves without a valid testing strategy.

If you store your tapes off-site, test your recall method as well, at least once a year. This is usually another item you’ll need to budget for, but it is vital to perform this test. Geographic location and traffic patterns can have a huge impact on how fast your tapes make it back to your location, and having a fire drill once a year or more will give you an idea of what to expect during the emergency.

Secondly, keep in mind that – supplier statements aside – backup systems should never be ‘set it and forget it’ type solutions. While you definitely shouldn’t need to change settings and check in on it every day, you should be checking in on it at least weekly to ensure that everything is running smoothly. Check backup logs or event logs to see if there are any backup-related errors. Also make sure that you’re following the vendor’s recommendations for replacement of tapes and hardware maintenance. These checks only take a few minutes of your time, but can head off massive headaches when the time comes to use the data on the tapes/disks.

Most backup systems allow you to receive emails when everything is going smoothly or when errors or warnings occur. Set these alerts up and do not ignore them. Ten minutes of troubleshooting when you first see the alert can head off ten hours or much more of problem solving later on. This form of checking up on your systems can be done just by reading your email, and so it’s an easy way to keep tabs on things.

So remember, the best backup system in the world is suspect if you don’t test regularly and completely, and don’t keep an eye on it from time to time. As the saying goes, a gramme of prevention is worth a kilo of cure.