Don’t Take a Vacation on Resiliency.
Posted November 14, 2024 by Kevin Finch
The leaves have turned, there’s a brisk bite to the air after the sun goes down, and I’m getting a ton of e-mails about Black Friday sales. That can only mean one thing: the holidays are coming.
Regardless of what or how you choose to celebrate, the holidays make for a distinctly different time of year in the world of business. Generally, there’s more gatherings to go to, more things to finish by the end of the year, a little bit more stress, and it’s a time that lots of people take vacation. About 80% of non-retail employees take Thanksgiving and/or New Years Day off, and almost 90% take Christmas day off. It’s important to them too — about 30% of people forced to work the holidays plan on changing jobs in the next year. (Don’t get me wrong here — Taking time away from work to recharge is important, and it’s something that those of us in the U.S. notoriously don’t do enough of.)
It’s important to keep in mind that not only do the holidays represent a time when people are more likely to be on vacation, those vacations could put you in a situation where you’re more vulnerable to outages. In order to overcome that vulnerability, it’s a great time to make sure that your resiliency plans are up to date.
“Is your house on fire, Clark?”
Aunt Bethany, National Lampoon’s Christmas Vacation
For example, let’s say that you have a hardware fault in a physical application server in your environment. If you have a relatively immature Disaster Recovery (DR) program, you might find yourselves in a situation where the only person that knows how to recover that server to its most current configuration is lying on a beach somewhere. If your DR plans are not kept up to date, that’s not an unrealistic predicament.
Let’s take that one step further. If that hardware fault is so severe that you need to make an emergency purchase (like a new motherboard for a server that’s out of warranty, which happens at 73% of businesses), you don’t want to find yourselves in a situation where the only executive that can sign for that purchase is sitting on a cruise ship. If you do need to declare a disaster, hopefully that executive isn’t the only person who can do that, too. The best way to handle that situation is to make sure you update your Resiliency Plans and policies before a situation like this occurs.
But, as we all know, we’re much more likely to need our disaster recovery plans in response to some cyber incident. Having your DR plans and Resiliency Plans updated is an essential part of being prepared for those inevitable cyber attacks, but that’s a little more urgent this time of year. Traditionally, there is an uptick in the frequency of cyber attacks around this time of year (and phishing attacks increase by over 50%), and I believe that’s because cyber criminals have figured out people are more likely to pay. Retail businesses, payment processors, and all manners of online sellers depend on the busy holiday shopping season to survive, and any sort of service interruption could cause irreparable harm. Cyber criminals realize this, and cyber attacks this time of year are becoming much more commonplace.
So what if you have a confluence of bad luck and get hit with a ransomware attack while your application recovery expert and your executive with signing authority are both on vacation? Cybercriminals try to target businesses so that very thing happens. You’ll have no choice but to try and figure out some way to pay the ransom unless your recovery plans are up to date. If it comes to that, you better hope you are one of the lucky ones whose systems actually get recovered after you pay the ransom, or you’ll be suffering for weeks (or longer).
“We’re all in this together! This is a full-blown, four-alarm holiday emergency here!”
– Clark Griswold, National Lampoon’s Christmas Vacation
Holidays, vacations, and cybercrime are all a part of life in the business world today. The best way to be prepared is to keep your plans up to date. Not sure if your business will be able to respond if a critical incident occurs during the holidays? Curious how well aligned your Business Resiliency program is with best practices? Want some help figuring out where your gaps are? Sayers is here to help. We have dozens of companies we have helped improve their resiliency and tackle the challenges they face every day. We would be happy to help you out too. Happy Holidays!