Between WannaCry Ransomware encrypting thousands of businesses and British Airways going offline in the past few weeks, it seems like the Internet Highway fell into a sinkhole. Are companies large and small stuck in a reality of having their businesses go dark, losing thousands to millions of dollars?
The answer is a simple 'no'. There is a similarity to what happened to hospitals' data being encrypted and an airline going dark. None of this would have happened, or could have been mitigated with proper processes in place.
Ransomware can be fought on different fronts from up to date security software and hardware, and, in worst case scenarios, recent backups that are not affected by encryption. Many companies affected by this malware did not have the proper processes in place to test defenses and recourses available. As a result, the small cost of insurance was replaced with the higher price of lost revenue, client and customer sales, and trust by the public in these firms.
With British Airways, the process of documenting and testing procedures cost them over $100 million when a technician pulled a wrong plug. Yes, one person pulling one plug caused the chaos and public relation storm for a large corporation! Again, redundancies and backups are essential, but are only good if they work. Without testing and documenting, a simple action can put a company out of business.
I hear companies I meet with talk about disaster recovery and being 'fine'. When I ask if it is tested and documented, there is sometimes a pause in their answer. It is in that pause I know they are not 'fine'. Developing a process and writing it down in the event something bad happens will save you from taking a potential fatal pause.