Anyone failing to plan for the aftermath of a ransomware attack or other disaster is asking for trouble.
When you consider the number of companies that fail to re-open when they are seriously impacted by such events, it isn’t a good idea to neglect business continuity (BC).
See below for some of the top trends in the business continuity market:
1. It won’t happen to me
Unfortunately, the “it won’t happen to me” attitude continues to pervade the field of business continuity.
Despite all the talk about malware bringing companies to their knees and warnings about extreme weather events, the majority of organizations still do not bother with BC.
According to one report, 51% of businesses were caught off guard when COVID-19 hit. They did not have a business continuity plan in place to cope with pandemic-based restrictions.
Thus, many businesses have a tendency to put their heads in the sand with regard to future eventualities. Many still wait until they suffer an attack or disruption before they take steps to prevent it. It appears that they believe such things will never happen to them — until they do actually happen to them.
“When important systems become unavailable due to infrastructure failure, human error, or a security breach, it can lead to unaffordable business interruption,” said Chip Gibbons, CISO, Thrive, a provider of managed services.
“The best way to ensure an organization is prepared is to have business continuity and disaster recovery plans on hand.”
2. Confused plans
Another trend is to fail to differentiate between the different types of plans for major events.
While terms like disaster recovery and business continuity are often used interchangeably, there are important differences, said Gibbons with Thrive.
It is critical to have both plans in place to help mitigate the impact on business operations and to clearly understand the role each plays.
Gibbons defines them as follows:
- Business continuity plan: refers to how a business continues to operate when key systems are down or an outage occurs. A business continuity plan is a must-have for every organization and keeps a business running effectively, even when faced with an unexpected disaster or tumultuous times, like a global pandemic. The goal of a business continuity plan is to know which processes can be kept in place and which ones must be adapted. A plan allows you to prioritize what’s important. For instance, not being able to access email isn’t as critical as losing customer data that allows you to finalize an order or payment.
- Disaster recovery plan: refers to how specific platforms, data, and applications are restored following a cyber attack, disaster, or other failures. In essence, a disaster recovery plan refers to the specific part of the business continuity plan to be followed during and after data loss. It’s most important to get systems back up and running following a data loss event to minimize downtime and business disruption.
3. BC and development
As companies become increasingly reliant on critical applications for their core business functions, more IT teams are incorporating more business continuity planning into their development projects, accordion to Ian Allton, solutions architect, SIOS Technology.
In other words, the smart businesses are not creating BC features and plans after the effect. They build their applications, establish their IT infrastructure – and then they begin to think about BC.
Instead, the emerging trend is for companies to include BC planning, processes, and technologies into the early stages of application and IT environment planning.
4. Fast restores
The old standard used to be to restore data in systems in a day or two.
But gradually, the time factor has been brought down. Now there is little tolerance at all for any delay between system failure and recovery.
“Organizations are implementing high-availability (HA) and DR solutions that automatically restore application operations in minutes,” said Allton with SIOS Technology.
Allton sees the BC plan as the foundation for DR implementation that should recognize the distinction between failures and disasters, as IT evaluates the different solutions for HA and DR.
A key distinction, for example, involves the location of redundant resources and whether you want to fail over operation to them or simply make a copy, or replication, of them.
“You can recover from a failure by using clustering software to fail over application operation from a primary server node to a secondary server node over a LAN,” Allton said.
5. Geographic separation
Electrical outages might strike one neighborhood, an entire town, or rarely, an entire region. Other disasters typically have geographic limitations that can be predicted.
Those companies wishing to recover effectively and fast from a disaster should take care that there is enough geographic separation between their locations, typically over a wide area network (WAN), according to Allton with SIOS Technology.
For example, an area prone to flooding should have BC capabilities established somewhere outside of that flood zone.
Similarly, a DR site should not be on the same electrical grid as the central data center.