Recently several high profile Australian companies have suffered from significant cyberattacks resulting in weeks of downtime.
Toll Holdings endured weeks of downtime as nearly its entire infrastructure was ransomware’d in the middle of 2020, and now Eastern Health is struggling through the beginning of its second week with no access to critical patient data, with rolling cancellations and deferments for elective and outpatient case loads.
Toll Holdings had backups, and presumably so does Eastern Health. Yet both experienced huge downtimes, and extensive inefficient manual handling to try and maintain some level of business operations. Which is why its important to realize that Business Continuity is very much more than just having backups.
When we consult with our clients around these goals, it is very much a business-driven discussion. Payroll figures, cost of operations, client expectations, and every stage of a clients logistics process, including financial aspects, needs to be brought together to do some very technically intertwined math.
We are aiming to work out what the cost to business is, including “soft” costs like brand damage and cost of deferrals and delays, for various levels of technology outage. Working out the price of an incident, then leads us to determining a risk profile with real numbers in it.
For some clients it can be $80,000 of cost/loss per day, for others it can be $80,000 per hour. With some tangible analysis around these events, you can then work out what to invest to reduce or remove these outages and their associated losses.
A client in food manufacturing originally had a management intent that 24 hours recovery was acceptable. A hardware failure and a 16 hour recovery time meant that management reassessed and then set a new target recover time of 1 hour. With this attached to the loss of business calculated to an average hour, we were able to design and implement a solution that meant this recovery time objective (RTO) for key business systems.
Using technology that extended on the flexible infrastructure already implemented, this was relatively quick and cost effective, so much so, that our engineers spent some time working at the application layer, and with some judicious extension work around data base replication, we now have sub-second transaction replication, to a tried and tested 15 minute recovery time objective.
There is now confidence that hardware failure, link failure, cybersecurity incident or natural disaster has a reasonable rapid recovery point for the whole of business nationwide, and internationally.
This was not about having backups. This was about consulting with our client, understanding the financial and logistical fundamentals of their business, and implementing a solution that encompassed all key business systems, in a way so as to give management confidence their goals were being met.
The job does not stay done though, as we test and re-test the business continuity plan, to make sure we capture changes in the business on an ongoing basis. When it comes to business continuity it is a continual partnership between business and technology elements.
Let us design a solution for you today to give you real peace of mind.
