Weathering Storms, Preventing Breaches - IT Emergencies & Security

Mar 5, 2014

Back to Veoci BlogWeathering Storms, Preventing Breaches - IT Emergencies & Security

The structure of crisis response is often the same for any given type of situation. Our past experiences with system outages and security breaches in the Information Technology sector, and our current experiences with natural disasters and events like Hurricane Sandy, have proven this.

While responders in different fields and industries use tools specifically designed for the landscapes they operate in, the structure of the response and the information problems are the same. Starting with the initial triage, to the selection of a response, to the execution of the response plan and management of the different forces at play, and finally to the remediation and recovery, the general flow of emergency management is universal. Furthermore, all emergencies and disasters contain within them a crisis of information – the responders and stakeholders all need accurate, up-to-date information, and communication is the ever likely failure point. 

Given all of this, it isn't surprising that some in IT have even begun to consider the FEMA Incident Command Structure (ICS) for cyber security and technology disasters. It makes sense. 

You use a lock and key to secure your home and goods; you password lock your computer and your activities on the Internet. We install security and monitoring systems in our schools and other important public places to ensure safety; software developers write security safeguards and checks directly into their code to prevent unwanted intrusion and malicious attacks. Hurricanes down power lines and put entire communities in the dark; software systems crash and take out vital software applications and can halt vital operations for their users. 

The bottom line is this: the more valuable your data, the more security and safeguards you need. Using FEMA's ICS as a model is only the tip of the iceberg. Last week I was at the RSA conference in San Francisco. RSA stands for Rivest, Shamir and Adleman, the three MIT researchers who invented public key encryption (you use my public key to encrypt and I use my private key to decrypt). In attendance were representatives of every Fortune 500 company and thousands of other organizations, including the CIA and the NSA, all learning about and exchanging ideas on cyber security.

Jigsaw Puzzle Image
Type image caption here (optional)

IT security is already a $60B industry and is expected to grow tenfold in the next ten years. Providing the equivalent of kevlar vests and alarm systems, companies in this space offer products focused on protecting from old and new threats while also working to make their tools more effective and easier to use. Products on offer at the conference spanned the gamut – software that predicts vulnerabilities as code is written, like a spellchecker; traffic trackers and analysis tools for assessing potential threats; safeguard frameworks designed to prevent data loss; biometric systems for managing access to a variety of spaces, both physical and cyber; and many more born out of an ever evolving landscape of threats. 

 What I didn't see, though, were tools with a focus on the management of and communication around what happens after and between breaches and crashes. Let's face it - a recovery period can last for weeks or months; mitigation plans need to be executed and achieved; remediations have to be implemented; the "next" time could be any time, and the activities in between events must contribute to improvement. In this regard, IT managers are like town mayors who have to put together the right plans, talk to the right people, and have the right tools as the hurricanes come bearing down on their vital systems. 

 Many organizations do not have the tools to develop and update response plans easily or efficiently, much less the ability to quickly reconfigure communication tools to go from emergency response to post-action dialog and collaboration, an on-the-fly transition that we've built Veoci to handle. Security, network, forensics and applications teams, as well as executives, legal, media, and PR all need to be connected and the flow of information managed between emergencies as much as during them.  Tools are often over-optimized for one or the other. Veoci does both, seamlessly. photo credit: Takashi(aes256) via photopincc

Subscribe to the Veoci Blog

Receive all the latest emergency, crisis, and continuity management news, tips, and advice

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related Posts

Getting the Most Out of Real-World Exercises

Exercising a BCP is rarely as simple as the online guides suggest. A business continuity manager has to jump through a lot of hoops to get that final, show-ready polish on a BCP. They’re often chasing buy-in from each corner of the organization and bugging business unit leads and department managers to test BCPs and record the outcomes. What can a business continuity manager do to encourage the heads in their organizations to actively participate and do their part in preparing for disruptions?

Continue reading
How IT Outages Affect Businesses: Recognizing and Preventing Outages

How much damage can a business system outage cause? As is pretty clear these days, they happen often, and can have serious impact. Take, for example, Visa’s payment network outage. On June 1st, 2018, Visa’s payment system in Europe went down for nearly ten hours, halting many personal and bank transactions. The massive, complex nature of the system made it difficult to pinpoint the root cause of the outage, adding hours of downtime and many degrees of frustration for the company’s customers. After performing their root cause analysis, the company identified a “very rare partial failure” of a switch in one of their data centers as the cause of the outage.

Continue reading
Top 5 Takeaways from DRI 2019

If there was one very clear theme to this year’s DRI conference in Las Vegas, it was the importance of having a diverse community in the world of business continuity management (BCM). From the sessions to the talking points in the exhibit hall, it’s clear that the future of BCM depends on having a strong and diverse community of practitioners and leaders. Here’s our top 5 takeaways from DRI 2019.

Continue reading

Connect with us on Social Media

Join us on our journey to improve emergency, operations, and continuity management!

Veoci Facebook PageVeoci Twitter AccountVeoci Linkedin Company Page

Face crisis and continuity challenges with expert solutions designed for you and your teams.

Learn how Veoci puts you in control