Present Blog-IT thought leadership in Canada

IT disasters: there is no such thing as “risk free,” but prevention is key!

Written by Francois Desjardins_ | May 25, 2017 2:00:03 PM

These days, no company is safe from IT disasters. The causes are as many as they are varied. What with the damage of equipment, natural disasters, outside provider service interruption, human errors, and computer abuse, it becomes rapidly clear that the concept of “risk free” does not exist.

 

Knowing that computer disasters lead to revenue losses of billions of dollars annually on a global level, it is in enterprises' best interest to understand the risks and adopt preventive and proactive solutions.

 

>>>Learn how you can protect your business assets with our free ebook<<<

 

 

3 examples of the impacts IT disasters have on companies

 

IT disasters have significant consequences on several levels:

  • Significant financial losses
  • Damage to reputation and loss of confidence
  • Legal consequences
  • Etc.

 

The case of the Royal Bank of Scotland

In 2012, the Royal Bank of Scotland experienced a system outage due to the mistake of an employee. An incorrect code entered into the system caused a denial of access. For several days, clients could not access their bank accounts, whether to make deposits, withdraw money, or pay bills. The pay system was also greatly affected. The Royal Bank had to offer compensation for the outage’s financial impacts to its many clients, such as late fees, and its reputation suffered significantly.

 

The case of Delta Airlines

In 2016, the American company Delta Airlines faced a major system outage. All the airline’s planes around the world were grounded for 6 hours. The flight schedules were disrupted for several days, the company experienced significant financial losses, and its reputation took a serious hit. The official cause of this disaster was a power outage in Atlanta, where the head office is located, which affected the computer system managing flights all over the world. However, human error is the more probable cause since the company surely had a disaster recovery center, yet it seemed unable to take over.  The exact cause was never revealed to the public.

 

The case of the American army

In 2015, the American army also experienced IT failures. The F-35 military planes’ software was no longer able to detect targets correctly. In this case, we are not talking about financial losses, but a situation that could have cost people their lives. Was it a programming problem? A security vulnerability that allowed the hacking of the system?  We will never know the real cause because the American army does not disclose this kind of information!

 

 

What are the main causes of IT disasters?

 

The main internal causes

Most of the time, IT disasters are caused by human error. There are many cases where leaders want to save time and money by cutting corners. As a result, the development process is completed quickly, and the test phase is not given the importance it deserves. By running applications or software that are not 100% verified or that have not been thoroughly tested, companies put themselves at great risk. While deadlines generally determine the launch of applications, it is the status of the application that should act as a guide.

Sometimes, it’s only a question of a wrong move. A company hosting the servers of several big Quebec companies experienced a disaster caused by a human error made in a computer room. An electrician whose job it was to add a power outlet in the server room inadvertently cut the wrong wire. Unfortunately, it was the power cable for a great number of servers in the data center.

A wrong decision or a lack of expertise can also lead to an IT disaster. For example, if you decide to place your recovery system in a private residence, you are certainly not safe from catastrophe. Think of the water damages, fires, or simply the children living in the house.

Unfortunately, disasters also stem from malicious acts. Since this risk is more likely due to an ill-intentioned employee than a hacker, it is hard to be protected from everything.

 

The main external causes

Hackers have been increasingly targeting companies with ransomware attacks that crypt data and require a ransom for companies to retrieve it. In addition, a Windows security vulnerability was recently exploited by the WannaCry ransomware, attacking hundreds of thousands of computers. A new wave of cyberattack by the Adylkuzz virus is also under way.

You must also be prepared for different types of disasters that can disrupt a company’s normal operations: flood, fire, damage of equipment, excessive solar radiation, or even satellite problems. Even though these are external causes out of your control, several solutions are available to avoid the worst.

 

 

Prevention is key!

 

There are several things you can do to reduce the risks significantly.

It is important for systems to be supported by a reliable, high-performance infrastructure. It is equally important to take the time and use the necessary resources to plan and execute the whole development process of an IT project before launching it.

However, the “risk free” aspect of IT disasters is non-existent. When a company depends on Information Technology to function – as is the case for the great majority of companies – it must certainly be prepared for the worst-case scenario and:

 

  • Protect itself adequately from the main risks by:

o Securing the network perimeter

o Adequately managing the BYOD policy

o Efficiently managing data access

  • Set up and test a recovery plan
  • Create a resilient infrastructure

 

The impacts of an IT disaster may be reduced significantly, or even avoided altogether for some, by following the above. As for the costs of such a project, ask yourself this question: how much would a major service interruption of your IT systems cost you?