This is the first of a new series of articles you can expect to see in the first week of the month – a review of events in the past 30 days, the month that was.
This is not going to be another post that attempts to say how dangerous the world is, and how essential it is that more resources need to be allocated to we building our resilience and BC capabilities. There are already too many of those.
Instead I hope to put some of these events into a wider context – to compare and contrast the things that the BC industry made an issue about, and the things that perhaps we should be paying more attention to.
Resilience is not business continuity with a new name, it is a bigger, broader picture that we need to grasp.
Lets start with a couple of cyber attacks that occured during the month. Both are UK cases, and while significant to the people invovled are not major international events in their own right. They are pointers to what can, and most likely will, happen to companies anywhere in the world in future.
Both are telco related companies – Talk Talk and Vodafone.
TalkTalk had customer data compromised, tese totals form a report by Wired.com.uk
- 21,000 unique Bank accounts
- 28,000 obscured credit cards
- 15,000 customer DOB
- 1.2 million email addresses, names and phone numbers
More importantly it seems this is not the first time this company has been hacked – but perhaps the 3rd time in 2015. Not learning from mistakes and their own experience is perhaps more important for these guys than a bunch of extra BC compliance work.
No matter how many debriefs you conduct or reports you write – if nothing changes then you did not learn from the experience. The fundamental difference between resilience and a compliance “tick box” framework.[tweetthis hidden_hashtags=”#resilience”]No matter the debriefs u conduct & reports u write-if nothing changes then u did not learn from experience.[/tweetthis]
Perhaps also worth understanding the difference between lessons observed, and those actually learned.
No doubt there will be a number of articles written about these two cases, but the key focus areas for Cyber Threat are to protect where you can, and that means collaborate with your ICT or Info Security folks – and to prepare your Executive to respond appropriately.
Two years ago I presented at BCI World Conference on the subject of exercising execs on Cyber Threats, a critical activity that sorta the BC practitioner on the path to greater relevance. The message is summarised in this article from Continuity Magazine.
On the plus side, lets consider it fortunate that these attacks occurred in the UK, how embarassing if they had occurred in the USA where October was being observed as National Cyber Security Awareness Month.
Here are a couple of other issues that might not have the immediate and traditional impacts to get BC focus, but put them on you watch list and talk to your business leaders about the potential impacts and vulnerabilities than may follow.
- South East Asia is being covered by a pall of smoke – causing health issues, grounding flights and closes schools. The source is Indonesia but the impact is felt in Singapore and Malaysia. While it might be considered an annual problem, this year it has gone on longer and seems to be having a greater impact.
- How many companies have their supply chain exposed to this risk?
- Do you know what the impacts on your suppliers, or your suppliers suppliers might be?
The final issue I wanted to highlight this month has both horrific consequences – but the promise of a potential longer-term upside. We can choose the legacy BC path and simply focus on the disaster, or explore the path to resilience, which needs to consider agility and exploitation of opportunity.
The issue is a human tragedy, the massive number of people trying to make it to Europe from the Middle East – and the multiple drownings during the month are the dark face of this problem. Please do not debase the loss of life as a tool to gain mor eresources for your BC programme.
While still remaining respectful to the gravity, and the reason these people are desperate to get to Eurpoe, you can look for an upside or some medium and long-term strategic impacts.
This is an economic problem, and potential opportunity as these articles highlight
- Is the refugee crisis an opportunity for an ageing Europe? Brookings Institute
- A similar theme in this article from Huffington Post
If you are not really ready for resilience and the upside of risk, then at least consider the impacts of social and political changes especially what around borders and the flow of traffic and freight in Europe. What impacts (and opportunities) will that present at the operational level of your business?
Those are just my thoughts, you may agree or disagree. Reading wider than the tabloid media, the BC industry and a single country’s media often helps gather a new perspective.
What caught your attention during the month?
What lessons have you learned (changes implemented) as a result of incidents in the last month?
Would love to hear from you – just add a comment.
Leave a Reply