Knowing that computer disasters lead to revenue losses of billions of dollars annually on a global level, it is in enterprises' best interest to understand the risks and adopt preventive and proactive solutions.
>>>Learn how you can protect your business assets with our free ebook<<<
IT disasters have significant consequences on several levels:
In 2012, the Royal Bank of Scotland experienced a system outage due to the mistake of an employee. An incorrect code entered into the system caused a denial of access. For several days, clients could not access their bank accounts, whether to make deposits, withdraw money, or pay bills. The pay system was also greatly affected. The Royal Bank had to offer compensation for the outage’s financial impacts to its many clients, such as late fees, and its reputation suffered significantly.
In 2016, the American company Delta Airlines faced a major system outage. All the airline’s planes around the world were grounded for 6 hours. The flight schedules were disrupted for several days, the company experienced significant financial losses, and its reputation took a serious hit. The official cause of this disaster was a power outage in Atlanta, where the head office is located, which affected the computer system managing flights all over the world. However, human error is the more probable cause since the company surely had a disaster recovery center, yet it seemed unable to take over. The exact cause was never revealed to the public.
In 2015, the American army also experienced IT failures. The F-35 military planes’ software was no longer able to detect targets correctly. In this case, we are not talking about financial losses, but a situation that could have cost people their lives. Was it a programming problem? A security vulnerability that allowed the hacking of the system? We will never know the real cause because the American army does not disclose this kind of information!
Most of the time, IT disasters are caused by human error. There are many cases where leaders want to save time and money by cutting corners. As a result, the development process is completed quickly, and the test phase is not given the importance it deserves. By running applications or software that are not 100% verified or that have not been thoroughly tested, companies put themselves at great risk. While deadlines generally determine the launch of applications, it is the status of the application that should act as a guide.
Sometimes, it’s only a question of a wrong move. A company hosting the servers of several big Quebec companies experienced a disaster caused by a human error made in a computer room. An electrician whose job it was to add a power outlet in the server room inadvertently cut the wrong wire. Unfortunately, it was the power cable for a great number of servers in the data center.
A wrong decision or a lack of expertise can also lead to an IT disaster. For example, if you decide to place your recovery system in a private residence, you are certainly not safe from catastrophe. Think of the water damages, fires, or simply the children living in the house.
Unfortunately, disasters also stem from malicious acts. Since this risk is more likely due to an ill-intentioned employee than a hacker, it is hard to be protected from everything.
Hackers have been increasingly targeting companies with ransomware attacks that crypt data and require a ransom for companies to retrieve it. In addition, a Windows security vulnerability was recently exploited by the WannaCry ransomware, attacking hundreds of thousands of computers. A new wave of cyberattack by the Adylkuzz virus is also under way.
You must also be prepared for different types of disasters that can disrupt a company’s normal operations: flood, fire, damage of equipment, excessive solar radiation, or even satellite problems. Even though these are external causes out of your control, several solutions are available to avoid the worst.
There are several things you can do to reduce the risks significantly.
It is important for systems to be supported by a reliable, high-performance infrastructure. It is equally important to take the time and use the necessary resources to plan and execute the whole development process of an IT project before launching it.
However, the “risk free” aspect of IT disasters is non-existent. When a company depends on Information Technology to function – as is the case for the great majority of companies – it must certainly be prepared for the worst-case scenario and:
o Securing the network perimeter
o Adequately managing the BYOD policy
o Efficiently managing data access
The impacts of an IT disaster may be reduced significantly, or even avoided altogether for some, by following the above. As for the costs of such a project, ask yourself this question: how much would a major service interruption of your IT systems cost you?