Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/30/2008
11:36 AM
Jim Manico
Jim Manico
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

What Horror Movies Can Teach Us About Disaster Recovery

Sharks in the water. Spinning heads. Freaky clowns. Who knew those flicks we paid good money to scare the living daylights out of us, and forced us to invest in nightlights, bore lessons applicable to disaster recovery and business continuity?

Sharks in the water. Spinning heads. Freaky clowns. Who knew those flicks we paid good money to scare the living daylights out of us, and forced us to invest in nightlights, bore lessons applicable to disaster recovery and business continuity?"In fact, there are a slew of correlations between disaster planning and the frightening scenarios played out on the big screen," according to SearchCIO-Midmarket.com executive editor Kate Evans-Correia, who discussed those similarities with Pat Corcoran, global client solutions executive with IBM Global Technology and Business Continuity & Resiliency Services

Just in time for Halloween, too. Showtime:

fin Pictures, Images and PhotosJaws: Corcoran points to the stubbornness of the captain, his "I can do out there, I know what I need to do" attitude. "But he didn't know," Corcoran says. "His greed got in the way of him conducting a risk analysis of what he could face." When he met up with Jaws, he wasn't prepared for the magnitude of the situation: His boat was too small, and he didn't have right equipment. The tragedy that followed can be reality, Corcoran adds. "Sometimes in business when people look at the risks and vulnerabilities they need to worry about, they think only of common events. But you have to look at multiple possibilities, both internal and external to your organization."

The Exorcist: The movie that forever changed the way we look at pea soup underscores the importance of anticipating change, according to Corcoran. "There were a lot of changes going on throughout the whole movie," he says. "Change is something we all have to be ready for because when it does happen, it affects your risk, your vulnerability, and your level of maturity in regard to business continuity. When change takes place, you also have to ensure your business continuity and disaster recovery plans are kept current. If they had a business continuity plan in the movie, you would have never known it because they were just reacting to the moment."

Jurassic Park: At the risk of mixing movie phrases, what we have here is a failure to communicate. "They had a great idea, but they didn't really address the risks. Some people knew the high-risk areas, but they didn't communicate that properly with the right people," Corcoran say. "So when the power went out and failures occurred at the park, the risks they were trying to hide became much bigger. The result was like a domino effect because of something so simple ignored up-front."

When A Stranger Calls: Have you checked your employees? They're the most important element of business continuity should disaster strike, Corcoran says. "When certain things happen, do your people know what to do? Do they know where to go? Do you know how to reach them?" he asks. "Companies need to do a better job of knowing where their people are and having those folks know their roles and responsibilities. Another movie takeaway: The caller was inside the house. "That's the pinnacle of being scared," Corcoran says. "In business, a major vulnerability we're seeing over time is coming internally...When you're putting together a business continuity plan, you need to look at the internal organization just as much as you look outside as a risk to your company. "

POLTERGEIST Pictures, Images and PhotosPoltergeist: Poltergeists are usually associated with individuals for a short duration, Corcoran explains, "so people had certain expectations." In the movie, those stubborn spirits stuck around even after Carole Anne was saved from the light. "What you think may be a short duration could wind up being a long duration," says Corcoran, using a power outage as an example: It could last 10 minutes, or it could be a half-day event. "You have to look at every scenario and really think about how long it'll take" to fix and when you should declare a disaster, he says.

A second takeaway: Be mindful of your location. In Poltergeist, the house was built on top of a graveyard. "I was talking to a power company out west. I asked if they did any vulnerability assessments around the area. They said they did some," Corcoran recalls. "I asked, 'What about the train that goes by yourmain headquarters about 100 yards? What kinds of materials are transported?' They had no idea. 'How often does that train go through?' No idea. I said, 'What if there was a chlorine leak right after a derailment right outside your door? What would you do?' They hadn't thought it out."

Terminator: I'll be back! "When you have a disaster, like a flood, you think it'll never happen again. Don't think that way. Trust it'll be back," Corcoran says. "Or if you have an audit and the auditor sees you don't have the right programs built around business continuity, you'll fail, and they'll be back six months later." Bottom line, he says: "Expect the disaster to come back."

Alien: The movie has plenty of officers, but the characters didn't really know who to go to make decisions. "In a disaster you need to be prepared," Corcoran says. "You need to know who is in control when there's a lot of stress being put upon people. You need to know who to go to at the right time."

Think about the horror movies you've seen; what nuggets of wisdom can you glean in terms of disaster planning/recovery and business continuity? Share them below.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Stephen Ward, VP, ThreatConnect,  7/1/2020
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs,  7/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15600
PUBLISHED: 2020-07-07
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVE-2020-15599
PUBLISHED: 2020-07-07
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
CVE-2020-8916
PUBLISHED: 2020-07-07
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
CVE-2020-12821
PUBLISHED: 2020-07-07
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
CVE-2020-15008
PUBLISHED: 2020-07-07
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user su...