To paraphrase Newton’s Laws of Motion (with credit to Galileo) …
Absent an unbalanced force, an object in motion will stay in motion and an object at rest will stay at rest.
While this holds true for objects in a friction-less environment, it holds true for our businesses as well. Our businesses are in motion, working each day to service our customers with rhythms and cycles throughout each day, week, month, and year.
Our business cycles continue, until we meet an unbalanced force.
Some forces we expect, like changes in the economy that occur over a period of weeks or months. Others forces are event-driven, such as storms, cyber attacks, and key employee departures. The sudden nature of event-driven forces can catch us by surprise, cripple our businesses in the short-term, and disrupt our normal cycles for the long-term.
A Case in Point
A company here in the northeast manufactures and distributes a customized product that customers generally replace or re-order every 2 to 3 years. 80% of the firm’s business is repeat, creating a strong and stable business. The company was hit by ransomware twice in a 3 month period. The first attack, scrambled their files and their servers, but left their financial system in place. They lost a day’s worth of data. The immediate recovery took 3 days; the full recovery took nearly two weeks. After three days of cleaning systems and restoring data, the company’s systems were up and running. They then had to enter the initial day lost data and all of the business activity for the 3 days their systems were down. They allocated 1/3 of everybody’s time to recover the data, reducing productivity by 33% and impacting their responsiveness to customers. To enter the 4 days of missing data took over 10 days with the team working part time.
Inertia Takes Hold
This initial event changed the cycles and motions of the company. Whenever dealing with any business activity during the outage and recovery periods, they need to double check to make sure the information entered was complete and correct. And since some activities, like shipping and invoices related to prior activities, they need to double-check these connections. Long after the two week recovery period, productivity is still down as the company’s daily motion now includes double-checking information that they are not sure they can trust.
Lesson NOT Learned
With so much focus on getting the business back into its normal rhythm, and the additional cost involved, the company did not act on recommendations that could help prevent a future attack and better ensure their ability to recover should a future attack occur. Whether the second attack was a different attack or they had failed to fully clean their systems does not matter. The second attack was not caught until after the company’s backup server was hit, rendering their backups useless. The company lost three years of data.
Inertia Creates a New Cycle
To recover from this attack took more than balancing data entry and on-going business. It was not feasible to manually recreate three years of data. While entering about 6 months of data for the fiscal year, they settled for a solution that created new methods and rhythms with long-term effects. They recalled all of their paper records from storage into an expanded warehouse space. When a customer calls to re-order product they ordered 2 or 3 years ago, they search and retrieve the physical paperwork so they can create the new order. Every returning customer creates a scramble to find the paperwork in short order. Actions required in an emergency become part of the new normal. Inertia.
What You Can Do
You can be prepared with solutions that balance external forces beyond your control.
- An educated and aware workforce balances the human manipulation that enables cyber attacks
- Advanced threat, DNS, and web protections balance the forces of cyber attacks hitting us daily.
- A robust backup/recovery and continuity system balances the forceful impact of disruptive events, giving you the ability to be up and running in hours not days.
If the company in our case study had implemented the recommended solutions after the first attack, they second attack would have disrupted the business for less than half a day — and may not have happened at all. The investment in communication, prevention, and recovery, while not trivial, was minor compared to the short term recovery and long term impact on the business.
If you are not ready or willing to have your business’ inertia redirected by forces beyond your control, now is the time to act.
Contact us for a free, no obligation, Cloud Advisor Session to discuss your business recovery and continuity needs and plans.