Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

The top ten business continuity and disaster recovery trends

Dr. Steven Goldman identifies ten business continuity and disaster recovery trends that are emerging, highlighting actions that business continuity managers can take in response to each item.

10: There has been an overall worldwide increase in the number of natural disasters

As a trend, the incidence of natural disasters worldwide has steadily increased, especially since the 1970’s, according to reports from the New England Journal of Medicine (NEJM) and from global insurer Munich Re.

Climate-related disasters include hydrological events such as floods, storm surge, and coastal flooding, while meteorological events include storms, tropical cyclones, local storms, heat/cold waves, drought, and wildfires. There were three times as many natural disasters between 2000 and 2009 as compared to the amount between 1980 and 1989. The NEJM notes that a vast majority (80 percent) of this growth is due to climate-related events. As a result, the amount of economic damage due to these natural disasters has seen a steady upturn. This in turn means that companies and organizations need to be prepared for natural disasters.

The number of geophysical disasters has remained fairly stable since the 1970’s. Geophysical disasters include earthquakes, volcanoes, dry rock falls, landslides, and avalanches.

What does this mean to you?

The conventional wisdom is that if you fight Mother Nature, she always wins. However, this does not mean you surrender! It means that companies and organizations need to be prepared for whatever Mother Nature can dish out. Remember Hurricane Sandy? Many companies in the northeast USA were battered, but several not only survived but also continued operations. How? Planning, preparation, and execution.

9. The rise in malicious cyber attacks will continue

The McAfee Labs Threats Report, Third Quarter 2013, states that it has seen several familiar trends but reports a few new ones:

  • Steady growth in mobile and overall malware
  • A sharp upturn in worldwide spam
  • The shutdown of the online market Silk Road, which sold drugs and other illegal products
  • The emergence of the 'Deep Web', an online supply for cybercriminals
  • An increase in the use of digital currencies by cybercriminals to maintain anonymity for their illegal activities.

In the third quarter of 2013 alone, McAfee reported that its count of mobile malware rose by 33 percent. New malware of all types exceeded 20 million this period, pushing their all-time tally to more than 172 million binaries. New rootkits, which tunnel into systems and remain hidden, doubled in number this quarter. AutoRun threats, often spread via USB drives, remain numerous. Signed malware, which poses as approved legitimate software, continues to set records, increasing by almost 50 percent.

What does this mean to you?

The impact of a cyber attack is compounded by the fact that more and more corporate assets and operations are online; thus an attack has a broad impact. The meaning of this trend should be obvious. Your organization must have a cyber attack prevention program as well as a response and recovery strategy. And you need to think outside the box your cell phone came in. Can you survive an attack on your mobile communications assets? That recovery strategy might be something as retro (and simple) as land lines and call trees. Do you have these in place? Have you properly tested them?

8. Some disruptions are becoming more predictable

With more and more massive amounts of technology and data available, we are more adept at predicting weather patterns, natural disasters, system breakdowns and even human threats.

What does this mean to you?

Business continuity and disaster recovery professionals need to have strategies and plans that become more preventative than reactive. Recall the old adage about an ounce of prevention being worth a pound of cure, or in our case, a pound of response. Are you vulnerable to loss of electricity? Get a backup generator. Will staffing be a concern? Start a cross-training program, have available contract staff, bring in staff from other offices, or do more with less. Your business impact analysis should help identify vulnerabilities and consequences.

So if a hurricane is predicted, you don’t have to wait until it hits to begin implementing response plans. But once an unexpected disruption hits, business continuity and disaster recovery efforts must move forward rapidly.

7. Disruptions should be considered the norm

Business interruptions – whether acts of nature, man-made or technical glitches – are no longer outlying anomalies, but are becoming the norm. Consider the potential for business disruption like bad weather – you don’t like it, but it’s part of business life; be prepared to deal with it.

What does this mean to you?

Organizations need to embrace interruption as part of expected 'day to day' processes and plan accordingly. To continue with the bad weather analogy, most days are relatively nice; but be prepared for the occasional thunderstorm.

6. Cloud-to-cloud continuity will get serious with Software-as-a-Service (SaaS)

According to Forrester Research, disaster recovery is a leading driver for public cloud use, but mostly by enterprises looking to improve the resiliency of mid-to low-end apps and for smaller companies putting their entire recovery strategy in the cloud. But, during 2014, Forrester believes cloudbased DR will go cloud-to-cloud. The first phase will unfurl with cloud-to-cloud backups for mainstream SaaS offerings. In the SaaS market, enterprises struggle to restore data with steep recovery fees (or in some cases, total lack of service) by their SaaS vendors.

What does this mean to you?

Forrester reports that a new market of backup solutions is rising to meet this need with early solutions from companies. These offerings automate the protection of critical data that is stored with SaaS providers so organizations can recover this data if it is accidentally, or maliciously, deleted.

5. The role of the business continuity and disaster recovery professional is changing for the better

In the earlier days of business continuity, there used to be a joke: What’s the difference between a highly paid, highly recognized BCP manager and a unicorn? The answer: they are both imaginary creatures!

With every disaster made public, the role of the business continuity and disaster recovery practitioner is enhanced at enlightened organizations. More and more, companies are realizing the need for business continuity and disaster recovery professionals on their staff.

What does this mean to you?

Life is good. We are becoming recognized more and more, and we are being taken seriously.

In addition to having an interesting, high-profile job that your peers certainly must envy, you can rest assured that business continuity and disaster recovery professionals, for probably the first time, have an actual career path: at some companies, anyway. There are now position listings for Vice President, Business Continuity. Business continuity and disaster recovery has even reached the C-Suite, with the Chief Resiliency Officer role! With consistent increase in cause and cases for disruption, the industry is only growing and with that the need for business continuity and disaster recovery professionals should keep growing as well.

4. Communications expectations are increasing

Information can travel around the world in seconds. And as Hamlet said, there’s the rub. Today people are carrying several communications devices and systems. How many of you have at least a cell phone, iPad or equivalent, plus a laptop? Does your briefcase or pocketbook look like the discount bin at Radio Shack?

What does this mean to you? First of all, understand the fast pace of technological change. It took 52 years for the basic telephone to reach 70 percent of US households. To reach the same household penetration for the cell phone, it took only 17 years. Apple launched the App Store in 2008 with about 500 apps. Today, there are over one million apps available on the App Store. Facebook went from zero users to over 1.1 billion users – that’s Billion – in only 9 years. You need to keep up.

On the one hand, this technology allows your employees, customers, suppliers, etc., to communicate quickly and freely; this is truly amazing. On the other hand, this technology raises the expectation that your employees, customers, suppliers, etc., will be contacted quickly when necessary: such as in an emergency. This is over and above your critical responders. Communication plans need to factor in these expectations.

What does this mean to you?

Fast initial communications are more important today than ever. You have to get in front of an event before it swallows you up. Incredibly, some emergency public relations manuals are still advising that companies have as much as 48 hours to gather information, develop a message, and respond to an event. The exact guidance of one such manual is 'Assess severity, length of issue and media life. If you believe this is a very small ‘flash in the pan’ it may be best to not make public statements for 24-48 hours and see how quickly the issue goes away.' Realistically, it’s more like 24 minutes!

3. Social media will continue to drive business continuity and disaster recovery response

Like it or not, social media is here to stay. The format, apps, and technology may evolve, but it’s not going away anytime soon. Used properly, social media is a powerful tool for crisis leaders to notify and communicate before, during, and after an event. However, because of its immediacy, spontaneity, ease of use, and general lack of protocols, social media can also be a burden to crisis responders. Incorrect information and rumors can intermingle with facts; this requires social media response strategies.

What does this mean to you?

Organizations must know how to leverage social media and harness its power rather than let it control your response.

Also, companies/agencies need policies on what information (non-emergency response) employees can give out to the public, the media, and even their family and friends. Employees need to know and understand your communication policies and protocols, especially during a disaster.

Make sure you have emergency communications policies such as:

- “Statements to the public and news media concerning an emergency at {Organization} are to be made only with the knowledge and guidance of the Emergency Communications Team.”

- “Information requests made to individual {Organization} employees and contractors by the public, media, and government officials must be referred to the Emergency Communications Team.”

What about the social media? You should have a policy such as:

- “Employees shall not use social media to discuss, describe, or inform anyone about any aspect of an emergency at {Organization}”

But wait!! Is this policy legal??

I am not a lawyer, but Julie Meadows-Keefe of the law firm Grossman, Furlow & Bayó, is.

“It’s a thorny issue. That policy could raise some First Amendment and other issues. If an employee is trapped in a building with an active shooter and is trying to communicate with friends and family about whether they are alive or injured – a life or death issue – the policy interferes with their ability to do that; I don’t believe an organization will discipline an employee for that. However, if an employee is tweeting about the event on his/ her personal account, the employee is violating company policy but is within his/her First Amendment protections.”

What should an organization do? Ms. Meadows-Keefe says, “I know this sounds lawyerly, but the organization policy should be a ‘strong recommendation’ not to discuss the event on social media; but if you do, make sure it is clear that the message is identified as a personal opinion. This policy is not easy to implement or enforce; policy violation discipline would probably be on a case-by-case basis. It’s frustrating; but the bottom line is that organizations should train all employees on the policy and assume employee common sense.”

2. Twitiots will continue.

I thought I invented the word twitiot – a tweeting idiot. However, a brief Internet search already found several references and uses of the word. Oh well... So here’s an easy prediction. Several people will become famous by the end of 2014 – or infamous – by tweeting/blogging something stupid.

Remember the alleged public relations expert who made stupid statements about visiting South Africa? How many politicians or movie stars have caused themselves crises by being a twitiot?

Who can forget 'Carlos Danger,' aka New York Congressman Anthony Weiner? He became the center of a media firestorm in 2011 when he briefly posted on Twitter a lewd self-portrait for all of his constituents to see. After saying it was a prank, he admitted it was intended as a direct message to a Seattle woman as 'a joke.' Now painfully aware of the power of Twitter, Weiner no longer holds elected office.

Karine Vanasse was well known for playing the role of stewardess Colette Valois in the US television series, Pan Am. In December of the show’s first season, she sent out the following tweet:

“Well, we received THE call, #PanAm is only coming back for one more episode after Christmas. But up to the end, we’ll give it our all!”

The problem? The series star broke the news of the show’s impending cancellation before the network was ready to announce it. Now Ms. Vanasse is not an idiot, but she essentially released company confidential information before management was ready. Could this happen to your organization? As I stated previously, do you have policy that covers social media?

What does this mean to you?

Everyone with an Internet connection/e-mail/Twitter account – essentially all your employees – must understand that by pressing the 'Send' button, they are sending a 'personal' message to potentially hundreds of millions of people. And there are no take-backs. Again, what is your social media policy during an emergency?

1. Be prepared for the Matrix, the Robot Uprising, or Skynet!

Yes, each of these science fiction threats centers on 'The Machines' taking over. But when The Machines do take over, that means YOUR machines too! Forrester’s Rachel Dines and I advise those firms that have not yet updated their BIAs or continuity plans to include these science fiction risks, to do do. Here are three tips that can get you started on the right path:

A. Store data in offline forms and/or on local devices. Whether you choose tapes (outside of a Machine accessible tape library), punch cards, paper, or optical media, you must keep current copies of critical data in a format that can’t be sabotaged by the Matrix, robots, or Skynet.

B. Keep continuity plans on paper and/or on local devices. You’ll want to have your plans for specifically dealing with The Machines’ uprising in a format that is hard for them to assimilate so they can’t devise countermeasures to your plans. Additionally, you should store key elements of your business continuity and disaster recovery plans (e.g., contact lists, notification instructions, prescripted employee/media statements, basic response strategies, etc) on paper, on local mobile devices that would not be impacted, and/or in a separate cloud. These technologies should be able to provide the required information without a network connection.

C. Have emergency shutdown protocols for your data center. To prevent The Machines from taking over your data center and using it for their own nefarious purposes, you need a data center emergency disconnect and emergency shutdown plan.

What does this mean to you?

Interestingly, these three strategies can and should be applied to more mundane – and more likely – disasters such as loss of power to your data center, evacuation of the data center, and loss of access to the building containing the data center.

For example, if you have a building evacuation, can you quickly and orderly shutdown (and transfer) your data center? How do you access plans and data that are stored online?

Something else to consider: When I run loss-of-power drills for my clients, several responders say that when power is lost, the response strategy is simple: employees will work from home and they can VPN in to the network. However, some VPNs are structured such that employees at home or in other offices have to remotely log onto their desktops to access the company network. Imagine their surprise when home responders realize that even with a time-limited UPS–or when The Machines take over – power will be lost to the desktops! How will the workers at home be able to access the network? The answer is: they won’t! Thus this alleged business-saving work-at-home strategy will not work. As a results of these exercises, my clients preventatively fixed the problem. You should too.

To wrap up, I note that predicting trends is always a risk. But in our business, the one thing we can expect is the unexpected, requiring us to be prepared. No fortune cookie need tell us this; it’s what we do.

The author

Dr. Steven B. Goldman is an internationally recognized expert and consultant in business continuity, crisis management, disaster recovery, and crisis communications. He has over 30 years' experience in the various aspects of these disciplines. His background is comprehensive yet unique in that he has been a professional engineer, corporate spokesperson, manager of media relations, business continuity planner, crisis responder, consultant, and a Fortune 500 company’s Global Business Continuity Program Manager. Dr. Goldman is a cofounder and Lecturer at MIT’s 'Crisis Management & Business Continuity' Professional Education summer course. www.SteveGoldmanAssociates.com

This article was sponsored by xMatters:

xMatters’ cloud-based communication solutions enable any business process or application to trigger two-way communications (text, voice, email, SMS, etc.) throughout the extended enterprise during time-sensitive events. With over a decade of experience in rapid communication, xMatters serves more than 1,000 leading global firms to ensure business operations run smoothly and effectively during incidents such as IT failures, product recalls, natural disasters, dynamic staffing, service outages, medical emergencies and supply-chain disruption. More details.

•Date: 6th August 2014 • US/World •Type: Article • Topic: BC general

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here