No CEO ever likes to think of the bad things that can befall their businesses. But not preparing for the worst can make a bad situation downright catastrophic.
I’m sure the last thing more than 100 million people — along with thousands of businesses in India and the Middle East — were expecting earlier this month to have the two main Trans-Atlantic communications cables which carry crucial internet service severed by a couple of ship anchors, and a third cable cut in what some were calling an “information warfare” attack.
Conspiracy theorists were saying that since video surveillance has shown that ships’ anchors were not to blame for the third cable being disabled, some other “sinister forces” could be behind the disruptions. Some nuts have even gone as far to accuse the United States for the cut cables, saying that it has provided our government an opportunity to now “wiretap” the repaired cables and monitor communications in the those areas of the world.
But international telecommunications expert and consultant Paul Budde told me that regardless of the conspiracy theories, one constant remains — you had better be prepared to protect your business, especially on a global scale, when the unexpected occurs. “The fact that we are dealing with global networks, and most large corporations are doing business globally — there have to be contingencies. Events like this show us that when something on the scale of this incident happens, we are all affected by it.”
In today’s volatile world, not having a business continuity and disaster recovery plan could bring an organization to its knees in times of crisis. It comes down to conducting a cost-benefit analysis and determining risk.
“Complexity and interdependence in the current global environment make it difficult to foresee all ways that systems we rely on will break down,” says Brian Kaye, who directs the business continuity consulting practice for Control Risks. “Unforeseen events can completely overwhelm existing business continuity provisions. In these cases, much depends on having a team of senior executives with crisis management training and experience, who can diagnose the current situation and quickly formulate a ‘fall-back’ plan that capitalizes on existing strengths.” Kaye is responsible for developing, implementing and managing world-class business continuity solutions for Control Risks’ North American client base.
When I asked if there are strategies global businesses can employ that would minimize the impact of lethal communications failures, Kaye was quick to point out that the impact from such wide-scale outages can’t be confined to emerging markets alone: “Global supply chain interdependencies virtually guarantee a ‘ripple effect.’ For this reason, we frequently advise clients to include supply chain partners and other third parties in their scenario planning and crisis management exercises.”
He adds that there are multiple strategies to use in protecting communication infrastructure, but the level of investment will vary for each organization. “We recognize that our clients are not in business solely to mitigate risks; they are in business to do business and a reasonable amount of preparedness safeguards that,” Kaye says. “Rather than continually ‘fighting the last war,’ we encourage clients to actively and regularly assess their risk environment. This leads to prioritized sets of risk, which, in turn, guides responsible mitigation spending.”
The experts will tell that if you are just embarking on a business continuity plan it is prudent to talk with your peers — many of them have already been through situations you might not have experienced. There are no hard rules to the process, so most likely you are going to think about the things that are really obvious, but you’re probably going to forget something. Don’t be afraid to let others find the holes in your plan and then regroup. Having no plan is the bad plan!
If you have any questions or comments for Steve Lasky regarding this or any other security industry-related issue, please e-mail him at firstname.lastname@example.org.