Dr. Steve Goldman's Top Ten Business Continuity Predictions / Trends for 2014
TRANSCRIPT
1
My Top Ten Business Continuity Predictions / Trends for 2014
Dr. Steven B. Goldman
2
MY TOP TEN BUSINESS CONTINUITY PREDICTIONS/TRENDS FOR 2014
Dr. Steven B. Goldman is an internationally recognized expert and consultant in Business Continuity, Crisis Management, Disaster Recovery, and Crisis Communications.
3
AGENDA
• Welcome and Introduction
• My Top Ten BC/DR Predictions/Trends for 2014
• Wrap up
• Questions
• Conclusion
• Adjourn
4
AN UNEXPECTED EVENT WILL SOON MAKE YOUR LIFE MORE EXCITING
5
CAVEATS
• These are my observations
– Yours may differ
• Well, an observation or two may not be completely mine
– References are provided
• “What does this mean to you?”
– Added after each trend/prediction
– You have to adapt this guidance to your particular situation
6
2014
7
10 There has been an overall worldwide increase in the number of natural disasters
8
INCREASE IN NATURAL DISASTERS
• Incidence of natural disasters worldwide has steadily increased
• Climate-related disasters
– Floods, storm surge, and coastal flooding; storms, tropical cyclones, local storms, heat/cold waves, drought, and wildfires
– (2000 to 2009) = 3 x (1980 to 1989)
• Geophysical disasters
– Earthquakes, volcanoes, dry rock falls, landslides, and avalanches
– Fairly stable since the 1970's
http://www.nejm.org/doi/full/10.1056/NEJMra1109877?query=featured_home
http://www.munichre.com/en/media_relations/press_releases/2014/2014_01_07_press_release.aspx
9
10
11
WHAT DOES THIS MEAN TO YOU?
• Expect these events
• Do not surrender to Mother Nature!
• Be prepared for whatever Mother Nature can dish out
• Planning, preparation, and execution
12
9 The rise in malicious cyber attacks will continue
13
MCAFEE® LABS THREATS REPORT THIRD QUARTER 2013
• Several familiar trends
• New trends
– Steady growth in mobile and overall malware
– A sharp upturn in worldwide spam
– The shutdown of the online market Silk Road, which sold drugs and other illegal products
– The emergence of the “Deep Web,” an online supply for cybercriminals
– An increase in the use of digital currencies by cybercriminals to maintain anonymity for their illegal activities
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf
14
http://boston.cbslocal.com/2013/11/18/swansea-police-pay-ransom-after-computer-system-was-hacked/
15
http://www.ft.com/intl/cms/s/0/56b4382c-5ea7-11e3-8621-00144feabdc0.html#axzz2q6R7apxd
16
MCAFEE® LABS THREATS REPORT THIRD QUARTER 2013
• Mobile malware rose by 33 percent
• New malware of all types exceeded 20 million this period
• All-time tally to more than 172 million binaries
• New rootkits, AutoRun threats
• Signed malware increased by almost 50 percent
17
CONSIDER THESE:
http://online.wsj.com/news/articles/SB10001424052702304644104579192393329283358
http://www.washingtonpost.com/business/economy/target-says-70-million-customers-were-hit-by-dec-data-breach-more-than-first-reported/2014/01/10/0ada1026-79fe-11e3-8963-b4b654bcc9b2_story.html
http://news.cnet.com/8301-1009_3-57617075-83/credit-card-hackers-hit-neiman-marcus/
18
AND CONSIDER THESE:
http://www.foxnews.com/leisure/2013/09/04/hackers-find-weaknesses-in-car-computer-systems/
http://www.cbsnews.com/news/dick-cheneys-heart/2
19
WHAT DOES THIS MEAN TO YOU?
• More and more corporate assets and operations are online
• Your organization must have a cyber attack prevention program as well as a response and recovery strategy
• Think outside the box your cell phone came in. Can you survive an attack on your mobile communications assets?
20
8 Some disruptions are becoming more predictable
21
SOME DISRUPTIONS ARE BECOMING MORE PREDICTABLE
• On the one hand
– Economies around the world have become increasingly vulnerable to the ever-changing nature of the sun. Solar flares can disrupt power grids, interfere with high-frequency airline and military communications, disrupt Global Positioning System (GPS) signals, interrupt civilian communications, and blanket the Earth’s upper atmosphere with hazardous radiation
• On the other hand
– With more and more massive amounts of technology and data available, we are more adept at better predicting weather patterns, natural disasters, system breakdowns, even human threats.
– Forecasters at NOAA’s Space Weather Prediction Center (SWPC) are expecting G3 (strong) geomagnetic storm conditions to occur on Earth Jan. 9 and 10
http://www.noaa.gov/features/01_economic/spaceweather_3.html
22
WHAT DOES THIS MEAN TO YOU?
• Have strategies and plans that become more preventative than reactive
– An ounce of prevention is worth a pound of response
• Listen and anticipate problems
– Weather, cyber attacks, pandemic, power outages
• Don’t wait for a hurricane to begin implementing response plans
23
http://media.npr.org/assets/img/2012/10/31/sandy102612_custom-f3f593114fe3a3dd3479472fb0fd855e3dfff4fb-s6-c30.gif
High-Def Storm Models Yielded Accurate Predictions
http://www.npr.org/2012/10/31/164046039/high-def-storm-models-yielded-accurate-predictions
24
7 Disruptions should be considered the norm.
25
26
WHAT DOES THIS MEAN TO YOU?
• Business interruptions - whether acts of nature or man-made or technical glitches - are no longer outlying anomalies, but are becoming the norm.
• Consider the potential for business disruption like bad weather – you don’t like it, but it’s part of business life; be prepared to deal with it
• Embrace interruption as part of expected “day to day” processes and plan accordingly
• Most days are relatively nice; but be prepared for the occasional thunderstorm.
27
6 Cloud-to-cloud continuity will get serious with Software-as-a-Service (SaaS)
Rachel Dines, Forrester Research, for her contribution to http://blogs.forrester.com/james_staten/13-12-04-cloud_computing_predictions_for_2014_cloud_joins_the_formal_it_portfolio
28
CLOUD-TO-CLOUD CONTINUITY WILL GET SERIOUS WITH SAAS
• Disaster recovery (DR) is a leading driver for public cloud use
– Mostly by enterprises looking to improve the resiliency of mid- to low-end apps
– For smaller companies putting their entire recovery strategy in the cloud
• Cloud-based DR will go cloud-to-cloud
– Cloud-to-cloud backups for mainstream SaaS offerings
29
WHAT DOES THIS MEAN TO YOU?
• A new market of backup solutions is rising to meet this need
– These solutions automate the protection of critical data that is stored with SaaS providers so organizations can recover this data if it is accidentally, or maliciously, deleted
• Forrester wants to be clear that this is not replacing DRaaS and cloud DR, but it's more of an extension/different route that will be big in 2014. DRaaS is still continuing along at a very steady pace.
30
5 The role of the Business Continuity / Disaster Recovery professional is changing for the better
31
Old Joke: What is the difference between a highly paid/highly recognized BCP Manager and a Unicorn?
Answer: They are both mythical creatures!
33
Trending in Business Continuity - An Assessment of Data Collected Between 2009 – 2011; Prepared by BC Management, Inc. - June 2012
www.BCManagement.com
“One of our studies has shown that since 2009, respondents have indicated that IT/Disaster Recovery and Business Continuity strategies have increasingly supported organizational needs.”
Cheyene Marling, President, BC Management, Inc.
34
OTHER 2012 BCM INDUSTRY SURVEY TRENDS
• Increased awareness at the chief officer level
• A shift in program sponsor from mid management/management to the chief officer level/board committee.
• The chief level program sponsors are stepping up their level of engagement with the business continuity management program.
• Adding more full-time, permanent personnel dedicated to the program and a decrease in downsizing of personnel in the next year.
• A shift to an enterprise-wide resiliency focus with increased executive support
• Acknowledgement of increased standards that will more than likely continue to evolve the profession in the future.
35
WHAT DOES THIS MEAN TO YOU?
• Life is Good!
• We are becoming recognized more and more
• We are being taken seriously
• We have a career path
– Vice President, Business Continuity
– Vice President, Disaster Recovery
– Chief Resiliency Officer
36
4 Communications expectations are increasing: The speed of information is faster than the speed of light
37
COMMUNICATIONS DEVICES ARE INCREASING
http://www.goodhousekeeping.com/product-reviews/research-institute/12-companies-with-great-recycling-programs
38
THE PACE OF TECHNOLOGY MOVES FAST!
• To reach 70% of US households:
– Basic landline telephone: 52 years
– Cell phones: 17 years
• Apple App Store
– 2008 ~ 500 apps
– Today > 1,000,000 apps
• Facebook
– 0 to > 1.1 Billion users in 9 years
Apps image from: http://www.geek.com/apple/apple-app-store-subscriptions-1314201/
39
http://bostonherald.com/business/technology/technology_news/2014/01/the_new_stars_of_social_media
40
WHAT DOES THIS MEAN TO YOU?
• You need to keep up with the technology
• This technology allows your employees, customers, suppliers, etc., to communicate quickly and freely
• On the other hand, this technology raises the expectation that your employees, customers, suppliers, etc., will be contacted quickly when necessary – like in an emergency
• Communication plans need to factor in these expectations
41
42
Boston Marathon bombings
More than 27 million Tweets were sent as the world discussed the bombings, the manhunt, and the spirit of #bostonstrong. After shutting down an entire city, Boston Police announced the capture of Boston Marathon terror suspects. This single tweet eliminated the tense atmosphere in the city.
http://www.forbes.com/sites/markfidelman/2013/12/14/twitter-these-are-the-most-popular-tweets-of-2013/
43
WHAT DOES THIS ALSO MEAN TO YOU?
• Fast initial communications are more important today than ever.
• You have to get in front of an event before it swallows you up.
• Bad advice from a public relations manual:
– “Assess severity, length of issue and media life. If you believe this is a very small ‘flash in the pan’ it may be best to not make public statements for 24-48 hours and see how quickly the issue goes away.”
44
3 Social Media will continue to drive BC/DR response.
45
SOCIAL MEDIA WILL CONTINUE TO DRIVE BC/DR RESPONSE
• Social media is here to stay
• A powerful tool to notify and communicate before, during, and after an event
• Can also be a burden to crisis responders
– Incorrect information, rumors, everyone is a spokesperson
46
Severe Weather Tweets
47
Severe Weather Tweets
48
SOCIAL MEDIA WILL CONTINUE TO DRIVE BC/DR RESPONSE
• How Dan in West Virginia learned about the WV spill
– Dan lives and works in West Virginia
– Leak occurs just south of Dan’s home
– Someone in WV posts the event on Facebook
– Dan’s sister lives in upstate NY; she reads about the event on Facebook
– Dan’s sister calls Dan in WV and informs him of the leak
– Dan has not heard about the event!
– 15 minutes later, local news announces the leak
49
WHAT DOES THIS MEAN TO YOU?
• Organizations must know how to:
– Leverage social media
– Harness its power rather than let it control your response
• Companies/agencies need policies on what information (non-emergency response) employees can give out to the public, the media, and even their family & friends.
• Employees need to know and understand your communication policies and protocols, especially during a disaster
50
WHAT DOES THIS MEAN TO YOU?
• Make sure you have emergency communications policies such as:
– “Statements to the public and news media concerning an emergency at {Organization} are to be made only with the knowledge and guidance of the Emergency Communications Team.”
– “Information requests made to individual {Organization} employees and contractors by the public, media, and government officials must be referred to the Emergency Communications Team.”
51
WHAT DOES THIS MEAN TO YOU?
• What about the social media? You should have a policy such as:
– “Employees shall not use social media to discuss, describe, or inform anyone about any aspect of an emergency at {Organization}”
• But wait!!!
• Is that policy legal???
Picture from: http://www.veteransnewsnow.com/2011/10/24/
54
A LAWYER’S PERSPECTIVE: JULIE MEADOWS-KEEFE OF THE LAW FIRM GROSSMAN, FURLOW & BAYÓ
• It’s a thorny issue. That policy could raise some First Amendment and other issues
• If employee is in a life or death situation...
– Probably no company discipline
• If employee tweeting on a personal account...
– Violating company policy but within First Amendment protections
55
A LAWYER’S PERSPECTIVE: JULIE MEADOWS-KEEFE OF THE LAW FIRM GROSSMAN, FURLOW & BAYÓ
• Policy should be a “Strong Recommendation” not to discuss events on social media
• If you do, make sure it is clear that the message is identified as a personal opinion
• Realistically: hard to implement or enforce
• Organizations should:
– Train all employees on your policies and
– Assume employee common sense
56
2 Twitiots will continue
57
TWITIOTS WILL CONTINUE
• Several people will become famous – or infamous – by tweeting/blogging something stupid!
58
Justine Sacco - the now-former Communications Director for IAC - lost her job approximately 12 hours after boarding her flight.
http://www.dailymail.co.uk/news/article-2527330/Blonde-female-PR-executive-tweets-Going-Africa-Hope-I-dont-AIDS-Just-kidding-Im-white-causes-international-outrage-likely-fired.html
59
http://www.huffingtonpost.com/2011/06/16/anthony-weiner-resigns-scandal_n_878161.html
60
http://www.hollywoodreporter.com/live-feed/pan-am-karine-vanasse-canceled-twitter-bridget-279433
61
WHAT DOES THIS MEAN TO YOU?
• Everyone with an internet connection/e-mail/twitter account – essentially all your employees - must understand that by pressing the “Send” button, you are sending your “personal” message to potentially over 2.4 Billion people
• That’s over one third of the world’s population
• There are no take-backs
• Again, what is your social media policy during an emergency?
62
http://i.dailymail.co.uk/i/pix/2011/04/29/article-1381820-0BD506C300000578-443_964x635.jpg
SEND
63
1 Be prepared for the Matrix, the Robot Uprising, or Skynet!
64
1
http://en.wikipedia.org/wiki/The_Matrix
http://en.wikipedia.org/wiki/How_to_Survive_a_Robot_Uprising
http://technorati.com/technology/article/skynet-goes-active-terminator-judgment-dayapril/
http://pogoprinciple.wordpress.com/2012/10/03/
65
KEEP THE MACHINES FROM TAKING YOU OVER!
• Store data in offline forms and/or on local devices
• Keep continuity plans on paper and/or on local devices
• Have emergency shutdown protocols for your data center
66
WHAT DOES THIS MEAN TO YOU?
• These three strategies can and should be applied to more mundane – and more likely – disasters
– Loss of power to your data center
– Evacuation of the data center
– Loss of access to the building containing the data center
• If you have a data center building evacuation:
– Can you shut down (and transfer) your data center in a quick and orderly manner?
– How do you access plans and data that are stored online or on your network?
67
http://en.wikipedia.org/wiki/File:Virtual_Private_Network_overview.svg
68
http://en.wikipedia.org/wiki/File:Virtual_Private_Network_overview.svg http://www.outagealarm.com/
Loss of power
Robot Uprising or
69
BONUS TREND
Your company/agency/organization will be impacted by a disaster in 2014
70
YOUR COMPANY/AGENCY/ORGANIZATION WILL BE IMPACTED BY A DISASTER IN 2014
• Directly
– Hurricane
– Credit card hacking
– Chemical spill/release
– Etc, etc, etc.
• Indirectly
– Post-Target system checks
– Crisis affecting your neighbor
– Crisis affecting your industry
– Etc, etc, etc.
71
WHAT DOES THIS MEAN TO YOU?
• Are you prepared????
• The usual “stuff”
– Management support, BIA, plans, procedures, staffing, equipment, facilities, training, drills, exercises, lessons learned, etc
• Collateral damage from someone else’s crisis
• Management awareness?
72
Wrap up
73
PREDICTING TRENDS IS ALWAYS A RISK
http://www.nationalreview.com/tags/boston-marathon-bombing#!
http://darkroom.baltimoresun.com/2013/10/boston-celebrates-red-sox-world-series-victory/#6
74
QUESTIONS?
75
REFERENCES
Trend: Information Source
10
§ http://www.nejm.org/doi/full/10.1056/NEJMra1109877?query=featured_home
§ http://www.munichre.com/en/media_relations/press_releases/2014/2014_01_07_press_release.aspx
9
§ http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf
§ http://boston.cbslocal.com/2013/11/18/swansea-police-pay-ransom-after-computer-system-was-hacked/
§ http://www.ft.com/intl/cms/s/0/56b4382c-5ea7-11e3-8621-00144feabdc0.html#axzz2q6R7apxd
§ http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
§ http://www.washingtonpost.com/business/economy/target-says-70-million-customers-were-hit-by-dec-data-breach-more-than-first-reported/2014/01/10/0ada1026-79fe-11e3-8963-b4b654bcc9b2_story.html
§ http://news.cnet.com/8301-1009_3-57617075-83/credit-card-hackers-hit-neiman-marcus/
§ http://www.cbsnews.com/news/dick-cheneys-heart/2/
§ http://www.foxnews.com/leisure/2013/09/04/hackers-find-weaknesses-in-car-computer-systems/
8
§ http://www.noaa.gov/features/01_economic/spaceweather_3.html
§ http://www.npr.org/2012/10/31/164046039/high-def-storm-models-yielded-accurate-predictions
7
None
6
§ Rachel Dines, Forrester Research, for her contribution to http://blogs.forrester.com/james_staten/13-12-04-cloud_computing_predictions_for_2014_cloud_joins_the_formal_it_portfolio
5
§ “Contingency Management Trends; What are the most “successful” programs doing right?” presentation by Cheyene Marling, October 2013
§ Trending in Business Continuity - An Assessment of Data Collected Between 2009 – 2011; Prepared by BC Management, Inc. - June 2012
4
§ http://visualizingeconomics.com/2008/02/18/adoption-of-new-technology-since-1900
§ Boston MA Globe, January 8, 2014: “Apple says $10b spent in app store”, Associated Press story
§ Facebook Reports First Quarter 2013 Results - Facebook. Investor.fb.com (May 1, 2013). Retrieved on July 21, 2013
§ http://www.dailymail.co.uk/news/article-2396909/Police-inundated-calls-cable-outage-Breaking-Bad-began.html
§ http://www.forbes.com/sites/markfidelman/2013/12/14/twitter-these-are-the-most-popular-tweets-of-2013/
§ http://www.mvma.org/MediaResources/3-Crisis%20Communications.pdf
3
§ Julie Meadows-Keefe of the law firm Grossman, Furlow & Bayó; personal conversations, January 9, 2014
§ http://www.gfblawfirm.com/bio_keefe.html
2
§ http://www.forbes.com/sites/jeffbercovici/2013/12/23/justine-sacco-and-the-self-inflicted-perils-of-twitter/
§ http://www.dailymail.co.uk/news/article-2527330/Blonde-female-PR-executive-tweets-Going-Africa-Hope-I-dont-AIDS-Just-kidding-Im-white-causes-international-outrage-likely-fired.html
§ http://www.huffingtonpost.com/2011/06/16/anthony-weiner-resigns-scandal_n_878161.html
§ http://www.hollywoodreporter.com/live-feed/pan-am-karine-vanasse-canceled-twitter-bridget-279433
§ http://www.hollywoodreporter.com/gallery/twitter-gaffes-2011-alec-baldwin-ashton-kutcher-276424#4-anthony-weiner
§ http://www.hollywoodreporter.com/gallery/twitter-gaffes-2011-alec-baldwin-ashton-kutcher-276424#6-karine-vanasse
1
§ Another tip of the hat to Rachel Dines: http://blogs.forrester.com/rachel_dines/13-04-01-continuity_planning_for_the_robot_uprising
77
MAY YOUR 2014 BE A YEAR OF UNEVENTFUL PREPAREDNESS!
78
Thank you!
Dr. Steven B. Goldman