2017 Business Continuity Trends You Need To Watch
In 2016, we saw how business continuity trends can rapidly evolve as various threats take center stage.
- We witnessed the destructive forces of Hurricane Matthew, winter storm Jonas and severe flooding in Louisiana, which shut down more than 7,200 businesses in the state.
- We saw ransomware statistics skyrocket, hitting nearly 40 percent of businesses, according to a report by Osterman Research, with a projected $1 billion in ransom money paid out in 2016.
- The world watched as the most prominent political campaigns in the United States were infiltrated and disrupted with the simplest of phishing attacks.
2017 will undoubtedly bring more of the same disaster scenarios, both natural and manmade. And there will likely be a few surprises along the way. To be prepared, businesses must constantly adapt their disaster recovery plan as new threats emerge.
In this guide, we’ll look at some of the key business continuity trends for 2017, based on the increased prevalence of certain threats, as well as emerging technologies that are helping organizations stay protected.
New Threats, Same Challenges
Common obstacles standing in the way of disaster preparedness
Business continuity failure statistics can be startling. More than 40 percent of businesses will never reopen after a major natural disaster, according to the U.S. Federal Emergency Management Agency. Among those that do, roughly 70 percent last two years.
Data recovery statistics are equally alarming. By some estimates, 70 percent of companies go out of business after a major data loss.
Think about that for a second. A business has a greater initial chance of survival after being hit by a natural disaster than by losing its data.
This is a prime example of how business continuity trends have evolved over the years. More businesses are shifting their disaster-preparedness resources to protecting their IT systems, infrastructure and data backup technologies.
But even as the threats evolve, many organizations still face the same fundamental challenges:
- Influencing stakeholders to invest more in business continuity
When budgets are already strapped, IT managers often report difficulty in selling the importance of disaster planning to key decision-makers
- Improving interdepartmental communication to maintain the business continuity plan (BCP)
For a BCP to be effective, representatives of every department must be actively involved in defining their recovery processes and personnel
- Tracking industry-specific business continuity trends to identify new risks and solutions
Small business owners and IT departments are typically already swamped with urgent tasks that prevent them from devoting more time to risk assessment
- Establishing disaster recovery teams and organizing ongoing training
No single person can effectively implement and manage a continuity strategy. However, it is often difficult to establish dependable response teams, especially at businesses with higher employee turnover.
- Defining an ongoing schedule (and finding time) for updating the BCP
Let’s face it – it’s not easy to set aside a few hours each week (or each month, for that matter) to work on the BCP. But to be truly prepared for a major operational disruption, businesses absolutely must keep their recovery plan up to date and maintain it on a regular basis.
Unfortunately, these business continuity challenges are extremely common. They are the obstacles that prevent organizations from adequately preparing for a worst-case scenario. And, they’re the reasons behind the alarming statistics mentioned above.
On the flip side, even the most forward-thinking organization won’t be 100-percent prepared for every possible event. After all, no one can predict what tomorrow will bring. But by continually performing risk assessments, following the trends, and updating the BCP accordingly, businesses can significantly reduce the chances of a devastating shutdown.
Here are some areas to keep an eye on in 2017 and beyond.
Business Continuity Trends 2017
Emerging threats and solutions to consider this year
Where are things headed in 2017? How do they differ from the business continuity trends in 2016? What threats pose new risks for businesses in the year ahead, and how are other organizations already implementing preventative measures?
As businesses reevaluate their business continuity plans for 2017, some underlying trends have begun to emerge.
1) Ransomware Prevention & Response
Fighting malware is not a new concept for most businesses. But ransomware poses a unique, more complex threat that isn’t going away any time soon.
“Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them,” writes the FBI in its report on cybercrime.
Ransomware incidents have been occurring for years. But according to the FBI, the numbers have been exploding.
The two-pronged nature of ransomware demands a different continuity approach than that of traditional malware. Businesses must consider:
- What can we do to prevent a ransomware incident from happening?
- What are our options if such an event does happen?
Comprehensive anti-malware protection is of course critical for ransomware prevention. But that’s only one part of the picture. Prevention should also include training employees on the threat of ransomware and on important measures for protecting the company’s data.
Being able to quickly restore data—without ever considering paying a ransom (which the FBI strongly discourages)—is also key to resolving a ransomware incident.
The business continuity plan should consider:
- Backups: Is data being backed up regularly? Where and how? Can those backups be used in response to a ransomware incident?
- Vulnerability: What risks currently exist? What needs to be done to remove vulnerability (patches, application whitelisting, staff training, virus protection, access controls and so on)?
- Operational downtime: How would operations be impacted? For how long?
It’s no secret that ransomware was already a prominent threat among disaster recovery statistics for 2015 and 2016. But as many organizations have been slow to react, and as the malware infections have become more sophisticated, it’s more critical than ever for businesses to take preventative action.
Early detection is also crucial. But it’s even better when integrated within an organization’s existing data protection system. For instance, the newest business continuity solutions from Datto now feature ransomware detection built-in, so that administrators are notified when ransomware is detected, allowing them to quickly revert to a previous backup. Built-in ransowware detection tools like this will be an interesting trend to watch in the year ahead.
2) Hybrid Cloud Data Backups
Data backup and recovery solutions continue to evolve as organizations look for more secure ways to store, replicate and recover their data rapidly.
The importance of having a secure, reliable backup process hasn’t changed. But how and where those backups are stored is part of an ever-expanding conversation. What’s more, each business has its own methodology for backing up data, based on its operational needs.
Also, with an increasingly complex landscape of backup solutions to choose from, organizations are returning to some fundamental questions:
- How can we ensure proper redundancy of on-site data, especially in a localized event (such as a fire or flood)?
- What are the most secure options for backing up data off-site?
- How can we increase the speed of data recovery after a critical event?
- How can we ensure the integrity of our backups?
Often, a central question in this conversation is whether backups should be happening on-site or off-site. But in fact, the answer is increasingly both.
Hybrid cloud solutions from companies like Datto enable organizations to ensure that data is always available, both locally and in the cloud.
- Cloud: The cloud backups provide the insurance of having critical data away from the business’s operations, where it might be vulnerable to an on-site disaster.
- Local: The local backups ensure the fastest recovery possible.
Another key benefit to solutions like Datto’s is that the backups aren’t dependent on previous snapshots. Physical devices are automatically mirrored in the cloud, and each backup is a fully bootable virtual machine. This virtually eliminates recovery time.
A recent survey found that nearly 90% of IT decision-makers plan to implement a cloud backup solution in 2017, so the hybrid cloud will be an important technology to watch.
3) Internet of Things (IoT) Security Protocols
Traditionally, the conversation surrounding IoT has been limited to consumers. But this is a rapidly growing industry—with increasingly dangerous security holes—that is increasingly entering the workplace.
Internet-connected devices have numerous vulnerabilities that open them up to hackers and malware.
In 2016, cybersecurity researchers at University of Michigan successfully hacked into a Samsung smart-system, enabling them take over control of the entire system. In October, a widespread Internet outage, which brought down behemoths like Twitter and Reddit, was traced backed to IoT malware known as Mirai. Mirai manipulated its infected IoT devices to cause a massive denial of service (DoS) attack.
This presents an emerging security challenge to IT teams at a time when such devices are becoming more common in office settings.
Employees are bringing their Wifi speakers into their cubicals. They’re installing the devices’ software on their work desktops. They’re using wearables, mobile apps, and even smart lightbulbs on their desks.
But this isn’t just a personnel issue. Organizations themselves are increasingly adding IoT devices to automate business processes. All of these devices are transmitting data through the workplace network and creating enormous security risks.
A recent Forrester report outlined a number of important technologies and protocols for IoT security in the workplace, including:
- Company policies that restrict or limit use of IoT devices
- Data encryption to and from IoT devices
- Device authentication
- Blockchain technology to create secure mesh networks for IoT to interconnect
Gartner estimates that more than 20 million IoT devices will be in use by 2020. Organizations need to address the vulnerability of such devices as part of their continuity planning.
Additional Trends to Watch
- Climate-related disaster: No conversation about business continuity is complete without considering the risks of natural disasters. As we learn more about the impact of climate change, businesses in at-risk areas (coastal cities and flood-prone regions, for example) will need to place more emphasis on such threats in their continuity planning.
- Machine Learning (ML) & Artificial Intelligence (AI): ML and AI are among Gartner’s top 10 strategic technology trends for 2017 “with significant disruptive potential over the next five years.” Naturally, as these systems become more integrated in both company hardware and software, they create new security challenges that need to be addressed in the BCP.
- Screenshot Data Backup Verification: Another important development in data backup has been screenshot verification. Since traditional backups are notorious for high failure rates, checking the integrity of the backups is crucial. Screenshot verification adds an added layer of protection. Automated mock recoveries occur on a virtual machine and a “screenshot” is produced to show the backup was successful.