Blog

Most Common Causes Of Disaster

Transcript:

Hello,

My name is Roseanne

In this presentation, I want to cover some of the leading causes of disaster which could potentially affect an organization.

Disaster planning can be pretty challenging. Not only does your business continuity and disaster recovery plan need to encompass the most critical business processes across each department, but this plan must also be thorough enough that it contains instructions for every possible type of disaster that your company might possibly encounter.

In a crisis, the human brain will usually only react in one of 2 ways. It will either revert to training or completely panic.
Having a disaster recovery plan can ensure that everyone knows their role in a high-pressure situation, and that operations can resume smoothly. And the more you prepare in advance, the lower your costs will be.

For example:

If you need to purchase 30 desktop computers and have them installed within 24 hours, you’re going to pay much less if you already have those vendor relationships established beforehand.

In this presentation, I’m going to cover some of the most common causes of corporate disasters. These can generally be classified under3 major categories:

  • Human
  • Technical
  • Natural

Human Causes of Disaster

Most human-related disasters are either malicious and intentional, or accidental.

In August of 2010, and 23 year old employee at a Salt Lake City Utah Mortgage company showed up for work intoxicated and proceeded to shoot their company servers full of holes with an automatic weapon.

At Storagepipe, we’ve seen customers go more than a year without backing up their SQL databases… and not even realize it. This is because database backups are very different from traditional flat file backups, and require special tools and training.

[Image Credit]

Although we hear about terrorism the most, it’s amongst the least common threats for companies in industrialized nations. But your organization should be concerned with potential terrorist activity if operating in politically unstable regions.

There have also been a number of major studies which have consistently shown that anywhere from 60 to 80 percent of all corporate data loss can be attributed directly to human error. In my opinion, this is one of the most important areas that companies should focus within their disaster planning strategy.

Some of the most important human-related threats to consider are the following:

  • Hacking, DDoS, or data theft
  • Accidentally losing backup tapes, or performing backups improperly
  • Deleting files by accident
  • An employee speaking to the press without company authorization
  • Kidnappings, murders and muggings
  • Attacks on public services such as water, food, transportation or utilities
  • Arson
  • Rioting, protests, looting or civil disorder
  • Product tampering or targeted external attacks on your company
  • Extortion or threats
  • Contagious disease epidemics
  • Workplace accidents causing injury or death
  • Loss of a key employee requiring urgent action
  • Social engineering, where an employee is tricked into helping a criminal harm your organization or obtain sensitive information
  • Fraud, embezzlement or theft
  • Bombings, shootings and chemical attacks

Technical Causes of Disaster

In August 2009, a turbine malfunction at the Yenisei River power plant caused a disastrous flood which killed 74 people, caused a complete blackout of the region and brought the local Aluminum smelting industry to a halt.

In February 2010, a technical bug on the ecommerce system at Blippy.com caused users credit card information to show up in Google search results. The company reacted swiftly to apologize and resolve the issue, but not before severe damage had been done in the media.

Here are a few examples of the most common technical disasters:

  • A broken network connection, a fried server, or some other severe physical breakage within your IT infrastructure
  • Structural collapses of major public infrastructure such as highways, airports, government buildings or railways
  • A virus or hacking incident
  • A major server crash or datacenter failure
  • A programming error causes major data corruption and service interruption
  • A building collapse
  • Water, pipeline or power grid malfunctions
  • Major infrastructure disaster such as dam breakages, nuclear plant emergencies, or gas explosions
  • Sewer backflow, causing flooding, damage and contamination

As we’ve seen through incidents such as the Exxon Valdez, the Chernobyl Disaster, and the BP Oil Spill, technical hazards are often the most expensive and the most preventable of all major disasters.

Natural Causes of Disaster

In the January of 2011, multinational companies were forced to deal with sudden simultaneous worldwide weather emergencies that partially or completely shut down major business centers such as New York USA, Rio de Janeiro Brazil, and Brisbane Australia.

In his autobiography Decision Points, former President George W. Bush described FEMA’s inability to react to the Hurricane Katrina disaster – and the public outcry that followed – as “The lowest point in my presidency”.

Like it or not, natural disasters are going to threaten your company, and there’s nothing that you can do about it. Whether or not you believe in global climate change, there’s no denying that the past few years have been some of the most volatile on record for natural disasters.

That’s why your company needs to be prepared for the worst. Listed here are, some of the most common natural disasters that can affect your business.

  • In cold-weather areas, you should consider the effects of hail storms, wind storms, avalanches, and ice storms. Although less common, ice storms – like the one that hit Quebec in 1998 – can be the most destructive to urban centers.
  • Water-related disasters such as heavy rain, tsunamis, hurricanes, tornadoes or flooding should also be considered in any area that vulnerable to these types of disasters. Urban flash-floods should be of special concern, since they are now becoming more common and carry great risk.
  • Hotter areas must plan for heat-related disasters such as drought, forest fires or brush fires, since these can quickly escalate into urban areas. In 2003, a lightning strike in Kelowna British Columbia Canada started a fire which destroyed nearly 250 homes and forced a partial evacuation of the city.
  • Other miscellaneous natural disasters include things such as rock slides, earthquakes, and land shifting. These types of incidents are rarer and harder to predict.

[Image Credit]

External Political Factors

Although these don’t exactly count as disasters, there are a number of external threats which must also be kept in mind when planning for emergencies.

It’s important for companies to understand that they don’t exist inside of an isolated bubble. Their actions affect the lives of other people in society, and this can sometimes lead to conflict. For this reason, companies must make contingency plans that take possible legal and political conflicts into account.

• Union disputes can bring large organizations or entire industries to a halt. These situations are tricky since conflicts might become emotionally charged. Also, there are a number of laws which dictate what measures a company can-and-can-not take in order to maintain business continuity until work is ready to resume.

  • In Canada, PIPEDA legislation gives Canadians citizens the right to know what personally identifiable information is being stored and collected about them, and it also controls what companies can and can’t do with that information.
  • The Gramm Leach Bailey Act (GLBA) forces companies in the financial services industry to protect client data, while proactively acting to protect foreseeable future threats. This means that companies are required by law to have written security plans in place to protect their client data.
  • The HIPAA act is a privacy legislation which forces medical professionals and insurance companies to protect confidential medical information. This is a critical time for HIPAA compliance, as medical professionals are taking advantage of mobile computing to provide better patient care.
  • The Sarbanes-Oxley act is another information compliance legislation which applies to publicly traded companies. It was created in 2002, as a reaction to the Enron scandal.
    This is not meant to be a complete list, nor is it intended to serve as legal advice. In order to protect your company from these types of political or legal threats, you should discuss with your legal team.

So there you have it. The 3 major categories of disasters that could affect your business are:

  • Human
  • Technical
  • Natural

And any disaster recovery plan that you create should be broad enough to include prevention and recovery steps for each of these. You should also have a business continuity plan in place that will allow you to continue revenue-generating activities until the company is able to fully recover from the incident.

I hope this presentation was helpful. If you have any questions, please leave them in the comments section and we’ll be glad to answer them for you.

If your company would like help in ensuring that its IT systems are secured against the 3 main causes of disaster, make sure to visit Storagepipe Solutions on the web at Storagepipe.com.

They offer a wide range of cost-effective, cloud-based business continuity and disaster recovery solutions for organizations of all sizes.

Leave a Reply