Business Continuity Planning is not Optional
Patrick Daly
Insightful Technology Leader and Business Partner | SVP of Information Technology
Just two weeks ago I shared some thoughts and guidance on the criticality of business continuity planning for all organizations, particularly as it relates to evaluating where you may be at risk due to reliance on a single key supplier to facilitate critical processes. (See: "The Roads Must Roll: Keeping Your Critical Processes Moving")
At that time, I was referencing the fallout of a cyberattack on CDK Global that impacted critical services they provide to roughly 15,000 auto dealerships throughout North America. With those services taken offline for several days, the impacted businesses were forced to fall back to manual processes, creating a direct impact on inventory tracking, customer price quotes, employee compensation, and other critical business activities.
Now we've experienced a more recent, and more notable, continuity-impacting event in the form of a faulty CrowdStrike software update released last Thursday that induced highly visible Windows-related outages in the form of blue screens of death (BSOD). That fallout affected Microsoft-provided cloud services and an estimated 8.5 million Windows devices across the globe, and is still impacting some companies nearly a week later. This incident, while found to be a software error rather than a malicious attack, further demonstrates how critical it is to evaluate risk to your critical business processes and develop pragmatic plans to continue operations, regardless of the cause.
For those of us who've been involved in business continuity and disaster recovery planning, we know there will be events we cannot fully foresee. In 2020, we encountered a global pandemic that was not likely to have been called out in even the most well-considered plans. As a result, we learned that the array of possible disruptions can be larger than originally imagined, raising the bar on the potential scope of business impact.
However, even if you can't fully predict all potential causes, there is great value in developing plans that focus on critical business processes from the perspective of what steps are needed to continue operating if that process is adversely impacted. That means ensuring your communication plans are well-defined and regularly shared with all relevant personnel, as well as defining operational alternatives to reduce impact on your customers and keep your business running.
There is always the hope that you'll never have to put the plans to use, but we also know that hope is not a strategy. In the end, it's better to have a plan and not need it, rather than needing a plan and not having it.
#DisasterRecovery #infosec #InformationSecurity #BusinessContinuity #VendorManagement #RiskManagement #ITStrategy #Software #sdlc #risk #RiskMitigation
CFO | Strategic Business Partner | Driving Growth, Innovation & Financial Excellence | M&A Expert | Risk & Compliance Leader | Global Experience with Top MNCs | People-Centric, Growth-Oriented Leader
4 months ago
Well captured though Patrick
Engineer | Manager
4 months ago
I have "The Disaster Recovery Handbook" in my e-book stack to be tackled (reading scrum/agile books these days). After reading this post I dove into Chapter 1 to make sure it is good enough to recommend, and it is! It gives a full walkthrough of the process from zero to hero. Link to the book: https://amzn.to/3zSDTpL