Dr. Steven B. Goldman is an internationally recognized expert and consultant in Business Continuity, Crisis Management, Disaster Recovery, and Crisis Communications. Read his predictions for 2014.
MY TOP TEN BUSINESS CONTINUITY PREDICTIONS/TRENDS FOR 2014
Dr. Steven B. Goldman is an internationally recognized expert and consultant in Business Continuity, Crisis Management, Disaster Recovery, and Crisis Communications.
AGENDA
• Welcome and Introduction
• My Top Ten BC/DR Predictions/Trends for
2014
• Wrap up
• Questions
• Conclusion
• Adjourn
CAVEATS
• These are my observations
– Yours may differ
• Well, an observation or two may not be
completely mine
– References are provided
• “What does this mean to you?”
– Added after each trend/prediction
– You have to adapt this guidance to your particular situation
10: There has been an overall worldwide increase in the number of natural disasters
INCREASE IN NATURAL DISASTERS
• Incidence of natural disasters worldwide has
steadily increased
• Climate-related disasters
– Floods, storm surge, and coastal flooding; storms, tropical cyclones,
local storms, heat/cold waves, drought, and wildfires
– (2000 to 2009) = 3 x (1980 to 1989)
• Geophysical disasters
– Earthquakes, volcanoes, dry rock falls, landslides, and avalanches
– Fairly stable since the 1970's
http://www.nejm.org/doi/full/10.1056/NEJMra1109877?query=featured_home
http://www.munichre.com/en/media_relations/press_releases/2014/2014_01_07_press_release.aspx
WHAT DOES THIS MEAN TO YOU?
• Expect these events
• Do not surrender to Mother Nature!
• Be prepared for whatever Mother Nature can
dish out
• Planning, preparation, and execution
MCAFEE® LABS THREATS REPORT
THIRD QUARTER 2013
• Several familiar trends
• New trends
– Steady growth in mobile and overall malware
– A sharp upturn in worldwide spam
– The shutdown of the online market Silk Road, which sold drugs
and other illegal products
– The emergence of the “Deep Web,” an online supply for
cybercriminals
– An increase in the use of digital currencies by cybercriminals to
maintain anonymity for their illegal activities
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf
MCAFEE® LABS THREATS REPORT
THIRD QUARTER 2013
• Mobile malware rose by 33 percent
• New malware of all types exceeded 20 million
this period
• All-time tally to more than 172 million binaries
• New rootkits, AutoRun threats
• Signed malware increased by almost 50
percent
WHAT DOES THIS MEAN TO YOU?
• More and more corporate assets and operations
are online
• Your organization must have a cyber attack
prevention program as well as a response and
recovery strategy
• Think outside the box your cell phone came in.
Can you survive an attack on your mobile
communications assets?
SOME DISRUPTIONS ARE BECOMING
MORE PREDICTABLE
• On the one hand
– Economies around the world have become increasingly
vulnerable to the ever-changing nature of the sun. Solar flares can
disrupt power grids, interfere with high-frequency airline and
military communications, disrupt Global Positioning System (GPS)
signals, interrupt civilian communications, and blanket the Earth’s
upper atmosphere with hazardous radiation
• On the other hand
– With massive and growing amounts of technology and data
available, we are becoming more adept at predicting weather
patterns, natural disasters, system breakdowns, even human
threats.
– Forecasters at NOAA’s Space Weather Prediction Center (SWPC)
are expecting G3 (strong) geomagnetic storm conditions to occur
on Earth Jan. 9 and 10
http://www.noaa.gov/features/01_economic/spaceweather_3.html
WHAT DOES THIS MEAN TO YOU?
• Have strategies and plans that become more
preventative than reactive
– An ounce of prevention is worth a pound of response
• Listen and anticipate problems
– Weather, cyber attacks, pandemic, power outages
• Don’t wait for a hurricane to begin
implementing response plans
WHAT DOES THIS MEAN TO YOU?
• Business interruptions - whether acts of nature or man-
made or technical glitches - are no longer outlying
anomalies, but are becoming the norm.
• Consider the potential for business disruption like bad
weather – you don’t like it, but it’s part of business life; be
prepared to deal with it
• Embrace interruption as part of expected “day to day”
processes and plan accordingly
• Most days are relatively nice; but be prepared for the
occasional thunderstorm.
6: Cloud-to-cloud continuity will get serious with Software-as-a-Service (SaaS)
Rachel Dines, Forrester Research, for her contribution to http://blogs.forrester.com/james_staten/13-12-04-cloud_computing_predictions_for_2014_cloud_joins_the_formal_it_portfolio
CLOUD-TO-CLOUD CONTINUITY WILL
GET SERIOUS WITH SAAS
• Disaster recovery (DR) is a leading driver for
public cloud use
– Mostly by enterprises looking to improve the resiliency of mid- to
low-end apps
– For smaller companies putting their entire recovery strategy in the
cloud
• Cloud-based DR will go cloud-to-cloud
– Cloud-to-cloud backups for mainstream SaaS offerings
WHAT DOES THIS MEAN TO YOU?
• A new market of backup solutions is rising to
meet this need
– These solutions automate the protection of critical data that is stored
with SaaS providers so organizations can recover this data if it is
accidentally, or maliciously, deleted
• Forrester wants to be clear that this is not
replacing DRaaS and cloud DR, but it's more of
an extension/different route that will be big in
2014. DRaaS is still continuing along at a very
steady pace.
5: The role of the Business Continuity / Disaster Recovery professional is changing for the better
Old Joke: What is the difference between
a highly paid/highly recognized BCP Manager and a Unicorn?
Answer: They are both mythical creatures!
Trending in Business Continuity - An Assessment of Data Collected Between 2009 – 2011; Prepared by BC Management, Inc. - June 2012, www.BCManagement.com
“One of our studies has shown that since 2009, respondents have indicated that IT/Disaster Recovery and Business Continuity strategies have increasingly supported organizational needs.”
Cheyene Marling, President, BC Management, Inc.
OTHER 2012 BCM INDUSTRY SURVEY
TRENDS
• Increased awareness at the chief officer level
• A shift in program sponsor from mid management/
management to the chief officer level/ board committee.
• The chief level program sponsors are stepping up their level of
engagement with the business continuity management program.
• Adding more full-time, permanent personnel dedicated to the
program and a decrease in downsizing of personnel in the next
year.
• A shift to an enterprise-wide resiliency focus with increased
executive support
• Acknowledgement of increased standards that will more than
likely continue to evolve the profession in the future.
WHAT DOES THIS MEAN TO YOU?
• Life is Good!
• We are becoming recognized more and more
• We are being taken seriously
• We have a career path
– Vice President, Business Continuity
– Vice President, Disaster Recovery
– Chief Resiliency Officer
THE PACE OF TECHNOLOGY MOVES FAST!
• To reach 70% of US households:
– Basic landline telephone: 52 Years
– Cell phones: 17 years
• Apple App Store
– 2008 ~ 500 apps
– Today > 1,000,000 apps
• Facebook
– 0 to > 1.1 Billion users in 9 years
Apps image from: http://www.geek.com/apple/apple-app-store-subscriptions-1314201/
WHAT DOES THIS MEAN TO YOU?
• You need to keep up with the technology
• This technology allows your employees, customers,
suppliers, etc., to communicate quickly and freely
• On the other hand, this technology raises the
expectation that your employees, customers,
suppliers, etc., will be contacted quickly when
necessary – like in an emergency
• Communication plans need to factor in these
expectations
Boston Marathon bombings
More than 27 million Tweets were sent as the world discussed the
bombings, the manhunt, and the spirit of #bostonstrong.
After shutting down an entire city, Boston Police announced the capture
of Boston Marathon terror suspects. This single tweet eliminated the
tense atmosphere in the city.
http://www.forbes.com/sites/markfidelman/2013/12/14/twitter-these-are-the-most-popular-tweets-of-2013/
WHAT DOES THIS ALSO MEAN TO YOU?
• Fast initial communications are more important
today than ever.
• You have to get in front of an event before it
swallows you up.
• Bad advice from a public relations manual:
– “Assess severity, length of issue and media life. If you believe this is a
very small ‘flash in the pan’ it may be best to not make public
statements for 24-48 hours and see how quickly the issue goes
away.”
SOCIAL MEDIA WILL CONTINUE
TO DRIVE BC/DR RESPONSE
• Social media is here to stay
• A powerful tool to notify and communicate
before, during, and after an event
• Can also be a burden to crisis responders
– Incorrect information, rumors, everyone is a spokesperson
SOCIAL MEDIA WILL CONTINUE
TO DRIVE BC/DR RESPONSE
• How Dan in West Virginia learned about the WV spill
– Dan lives and works in West Virginia
– Leak occurs just south of Dan’s home
– Someone in WV posts the event on Facebook
– Dan’s sister lives in upstate NY; she reads about the event on Facebook
– Dan’s sister calls Dan in WV and informs him of the leak
– Dan has not heard about the event!
– 15 minutes later, local news announces the leak
WHAT DOES THIS MEAN TO YOU?
• Organizations must know how to:
– Leverage social media
– Harness its power rather than let it control your response
• Companies/agencies need policies on what
information (non-emergency response) employees
can give out to the public, the media, and even their
family & friends.
• Employees need to know and understand your
communication policies and protocols, especially
during a disaster
WHAT DOES THIS MEAN TO YOU?
• Make sure you have emergency
communications policies such as:
– “Statements to the public and news media concerning an
emergency at {Organization} are to be made only with the
knowledge and guidance of the Emergency Communications
Team.”
– “Information requests made to individual {Organization}
employees and contractors by the public, media, and government
officials must be referred to the Emergency Communications
Team.”
WHAT DOES THIS MEAN TO YOU?
• What about the social media? You should
have a policy such as:
– “Employees shall not use social media to discuss, describe, or
inform anyone about any aspect of an emergency at
{Organization}”
• But wait!!!
• Is that policy legal???
Picture from: http://www.veteransnewsnow.com/2011/10/24/
A LAWYER’S PERSPECTIVE:
JULIE MEADOWS-KEEFE
OF THE LAW FIRM GROSSMAN, FURLOW & BAYÓ
• It’s a thorny issue. That policy could raise
some First Amendment and other issues
• If employee is in a life or death situation. . .
– Probably no company discipline
• If employee tweeting on a personal account. . .
– Violating company policy but within First Amendment protections
A LAWYER’S PERSPECTIVE:
JULIE MEADOWS-KEEFE
OF THE LAW FIRM GROSSMAN, FURLOW & BAYÓ
• Policy should be a “Strong Recommendation” not
to discuss events on social media
• If you do, make sure it is clear that the message
is identified as a personal opinion
• Realistically: hard to implement or enforce
• Organizations should:
– Train all employees on your policies and
– Assume employee common sense
Justine Sacco - the now-former Communications Director for IAC - lost her job approximately 12 hours after boarding her flight.
http://www.dailymail.co.uk/news/article-2527330/Blonde-female-PR-executive-tweets-Going-Africa-Hope-I-dont-AIDS-Just-kidding-Im-white-causes-international-outrage-likely-fired.html
WHAT DOES THIS MEAN TO YOU?
• Everyone with an internet connection/e-mail/twitter
account – essentially all your employees – must
understand that by pressing the “Send” button, they
are sending their “personal” message to potentially
over 2.4 Billion people
• That’s over one third of the world’s population
• There are no take-backs
• Again, what is your social media policy during an
emergency?
KEEP THE MACHINES FROM
TAKING YOU OVER!
• Store data in offline forms and/or on local
devices
• Keep continuity plans on paper and/or on
local devices
• Have emergency shutdown protocols for
your data center
WHAT DOES THIS MEAN TO YOU?
• These three strategies can and should be
applied to more mundane – and more likely –
disasters
– Loss of power to your data center
– Evacuation of the data center
– Loss of access to the building containing the data center
• If you have a data center building
evacuation:
– Can you shut down (and transfer) your data center quickly and
in an orderly manner?
– How do you access plans and data that are stored online or on
your network?
YOUR COMPANY/AGENCY/ORGANIZATION
WILL BE IMPACTED BY A DISASTER IN 2014
• Directly
– Hurricane
– Credit card hacking
– Chemical spill/release
– Etc, etc, etc.
• Indirectly
– Post-Target system checks
– Crisis affecting your neighbor
– Crisis affecting your industry
– Etc, etc, etc.
WHAT DOES THIS MEAN TO YOU?
• Are you prepared????
• The usual “stuff”
– Management support, BIA, plans, procedures, staffing, equipment,
facilities, training, drills, exercises, lessons learned, etc
• Collateral damage from someone else’s crisis
• Management awareness?
REFERENCES
Information sources, listed by trend number
Trend 10
§ http://www.nejm.org/doi/full/10.1056/NEJMra1109877?query=featured_home
§ http://www.munichre.com/en/media_relations/press_releases/2014/2014_01_07_press_release.aspx
Trend 9
§ http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf
§ http://boston.cbslocal.com/2013/11/18/swansea-police-pay-ransom-after-computer-system-was-hacked/
§ http://www.ft.com/intl/cms/s/0/56b4382c-5ea7-11e3-8621-00144feabdc0.html#axzz2q6R7apxd
§ http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
§ http://www.washingtonpost.com/business/economy/target-says-70-million-customers-were-hit-by-dec-data-breach-more-than-first-reported/2014/01/10/0ada1026-79fe-11e3-8963-b4b654bcc9b2_story.html
§ http://news.cnet.com/8301-1009_3-57617075-83/credit-card-hackers-hit-neiman-marcus/
§ http://www.cbsnews.com/news/dick-cheneys-heart/2/
§ http://www.foxnews.com/leisure/2013/09/04/hackers-find-weaknesses-in-car-computer-systems/
Trend 8
§ http://www.noaa.gov/features/01_economic/spaceweather_3.html
§ http://www.npr.org/2012/10/31/164046039/high-def-storm-models-yielded-accurate-predictions
Trend 7
§ None
Trend 6
§ Rachel Dines, Forrester Research, for her contribution to http://blogs.forrester.com/james_staten/13-12-04-cloud_computing_predictions_for_2014_cloud_joins_the_formal_it_portfolio
Trend 5
§ “Contingency Management Trends; What are the most “successful” programs doing right?” presentation by Cheyene Marling, October 2013
§ Trending in Business Continuity - An Assessment of Data Collected Between 2009 – 2011; Prepared by BC Management, Inc. - June 2012
Trend 4
§ http://visualizingeconomics.com/2008/02/18/adoption-of-new-technology-since-1900
§ Boston MA Globe, January 8, 2014: “Apple says $10b spent in app store”, Associated Press story
§ Facebook Reports First Quarter 2013 Results - Facebook. Investor.fb.com (May 1, 2013). Retrieved on July 21, 2013
§ http://www.dailymail.co.uk/news/article-2396909/Police-inundated-calls-cable-outage-Breaking-Bad-began.html
§ http://www.forbes.com/sites/markfidelman/2013/12/14/twitter-these-are-the-most-popular-tweets-of-2013/
§ http://www.mvma.org/MediaResources/3-Crisis%20Communications.pdf
Trend 3
§ Julie Meadows-Keefe of the law firm Grossman, Furlow & Bayó; personal conversations, January 9, 2014
§ http://www.gfblawfirm.com/bio_keefe.html
Trend 2
§ http://www.forbes.com/sites/jeffbercovici/2013/12/23/justine-sacco-and-the-self-inflicted-perils-of-twitter/
§ http://www.dailymail.co.uk/news/article-2527330/Blonde-female-PR-executive-tweets-Going-Africa-Hope-I-dont-AIDS-Just-kidding-Im-white-causes-international-outrage-likely-fired.html
§ http://www.huffingtonpost.com/2011/06/16/anthony-weiner-resigns-scandal_n_878161.html
§ http://www.hollywoodreporter.com/live-feed/pan-am-karine-vanasse-canceled-twitter-bridget-279433
§ http://www.hollywoodreporter.com/gallery/twitter-gaffes-2011-alec-baldwin-ashton-kutcher-276424#4-anthony-weiner
§ http://www.hollywoodreporter.com/gallery/twitter-gaffes-2011-alec-baldwin-ashton-kutcher-276424#6-karine-vanasse
Trend 1
§ Another tip of the hat to Rachel Dines: http://blogs.forrester.com/rachel_dines/13-04-01-continuity_planning_for_the_robot_uprising
Dr. Steve Goldman
Web site: www.SteveGoldmanAssociates.com
E-mail: Steve@SteveGoldmanAssociates.com