What business continuity lessons can be learned from disaster movies?https://totalsecuritysummit.co.uk/wp-content/uploads/2019/01/Rosk-Management.jpg 960 640 Guest Blog Guest Blog https://secure.gravatar.com/avatar/fc53b33ae6abff2901554c90ff3b4927?s=96&d=mm&r=g
By Chris Butler, Lead Principal Consultant, Resilience & Security, Sungard Availability Services
Disruption, a word which many businesses are very much used to now, can often have disastrous effects on productivity, output, company reputation, and ultimately the bottom line. On the other hand, that which we would call a ‘disaster’ in the enterprise world in most cases pales in comparison to the sensational disaster scenarios we’re used to seeing on the silver screen.
For example, a cyber-attack which steals and sells user data could potentially have devastating consequences for scores of businesses and consumers alike, but doesn’t quite evoke the same feelings of excitement as a full-scale alien invasion or the impending impact of a planet-sized meteor.
On the same note, in today’s world of hyper-extended supply chains, unexpected periods of application service downtime can send shockwaves of disruption around the world in a matter of minutes. While this scenario probably strikes fear in the hearts of supply chain specialists, zombie apocalypses or the rampaging of a giant, man-eating shark can arguably evoke these emotions amongst a much broader audience.
But while the forms of enterprise and Hollywood ‘disasters’ are clearly poles apart, many themes remain the same: outsider threats, technology problems, leadership loss, communication breakdown, environmental change, etc. Here we look past the special effects and extract the core business continuity themes which lie behind our favourite disaster movie scenarios.
Don’t let individuals get lost in space
For those used to working in office environments, the future is likely to be characterised by more working from home or from other remote locations. Video conferencing and collaboration apps have worked well to emulate the office environment, but a sudden break in their functionality can cause critical communication structures to break down entirely, leaving individuals cut-off from their teams.
In Gravity (2013), an unexpected incident leaves astronauts stranded in lower earth orbit with no team, no means of communicating with ground control, and no shuttle to take them back to earth. This is an extreme example of how people are at their most vulnerable when they are isolated, and can even start to panic or act irrationally when cut off from the rest of their team. It is for this reason that cyber-attack methods such as phishing and ransomware target isolated users, both of which saw a spike in usage as many countries went into lockdown.
Organisations simply can’t afford to leave their workforce stranded in space and expect them to make their own way home. Disasters almost always scatter or raise barriers between people, therefore it’s important for individuals to be made aware of contingencies for communication disruption scenarios ahead of the fact. This should comprise spreading awareness of emergency contact chains and back-up communication systems to keep everyone on the path to recovery when disaster strikes.
A loss of leadership leads to chaos
As anyone who’s seen Airplane! (1980) can tell you, pilots and co-pilots should never eat the same meal mid-flight, otherwise contaminated food could take both out of action simultaneously. While this is just one of a number of ludicrous happenings in this comedy classic, loss-of-leadership scenarios in the enterprise world happen surprisingly frequently – and are no laughing matter.
A loss of leadership typically stems from unexpected events, from travel delays or restrictions to instances of sickness or compassionate leave. Organisations should therefore make clear which of the leadership teams’ responsibilities should be delegated to whom in the instance where one or many suddenly become unavailable. To make this work, a bottom-up approach to enterprise resilience is crucial, taking into account both operational and human elements of business continuity.
Pilots cannot rely on there being a trained pilot and/or doctor amongst their passengers to miraculously save the day if they become incapacitated. Likewise, leadership teams shouldn’t leave resilience and continuity up to chance. By training proactively training staff, organisations can either spread responsibility across their organisations or implement and test a clear delegation structure to weather the shock of a sudden loss of leadership.
Prepare for technology to be sabotaged or to malfunction
Technology is the driving force behind digital transformation in the world, but this also means that we are more dependent on reliable, highly available systems than ever before. The alignment between IT and operations has become such that today, the resilience of an organisation’s IT is tantamount to its overall ability to continue operating when disruption strikes. So, what technology disruptions should organisations be on the lookout for?
Taking a lesson from Cloudy with a Chance of Meatballs (2009), a poorly understood or inadequately maintained piece of technology is likely to malfunction and can potentially wreak havoc, especially if that technology has a large base of end-users who rely on its availability 24/7. Additionally, as shown in Speed (1994), technology can also be sabotaged and held to ransom by unknown entities, using time pressure and the threat of harm to users to force organisations to fulfil their requests.
Unlike the movies, organisations can rely on Disaster Recovery (DR) tools, such as data-centre co-location, cloud back-up and storage, and failover power & networking solutions, to prepare for a diverse set of potential technology disruption scenarios. In addition, organisations shouldn’t rely on a single ‘hero’ to swoop in and save the day. Sharing the burden of knowledge relating to the ins and out of IT infrastructure not only allows teams to react faster to disruption, but ensures the resilience and availability of their products, services and operations.
Getting back to reality
Not every disaster scenario in the movies has its roots in science fiction or the supernatural. In fact, some have not only featured entirely plausible scenarios, but have been downright prescient. Take, for example, Contagion (2011), whose plotline revolves around the outbreak of a viral pandemic originating in South East Asia and resulting in the implementation of social distancing, self-isolation and a severe economic downturn. Clearly, there are not only indirect lessons to be learned from cinema.
Disasters are unexpected by definition. The work of disaster movie writers, therefore, is not so much removed from the work of business continuity specialists. Both are responsible for imagining: a) scenarios which cause significant disruption; b) the extent to which said disruption will have short/long-term impact; and c) the potential solutions to put in place both before and after disruption takes place. At a time when business continuity planning is at the top of the agenda for all organisations around the world, now is the time for organisations to use their imagination and prepare for a wide range of potential disruption scenarios.