It’s always an editorial dilemma: do we start with the event with the biggest business continuity impact, or the event that was the most unbelievable? For 2016, we have some difficult choices, including the massive cyberattack of the toasters, the most powerful man in the world (soon) trying to carve up the Internet, and a smartphone threatening the health of a national economy.
As you’ve probably already noticed, the common factor is technology. 2016 was rather quieter on the natural disaster front, but let’s go through the things that caught our attention over the last 11 or 12 months.
National Business Continuity
This is business continuity by the country or by the continent. No natural disaster for 2016 made it into the top-ten lists of all-time catastrophes, so we should perhaps count our blessings. Even Hurricane Matthew sweeping across the eastern seaboard of the US in October and November could not rate more than a temporary mention in the news.
The Zika virus tragically claimed some lives internationally, although infections did not reach pandemic levels. Meanwhile, a report from Verisk Maplecroft indicated that if a natural disaster were to hit certain countries, resilience could differ by a factor of almost five (Japan was rated 4.95 times more able to recover than Bangladesh, for example).
National Business IT Security
In the Netherlands, Dutch enterprises came under the legal obligation from January 2016 to report data breaches and attacks. While organisations and businesses in specific sectors in various countries already have such an obligation (for example, in the healthcare sector in the US, albeit in certain situations), making this a blanket requirement for business was a novelty.
In Australia, the government published its 2016 Defence Whitepaper, in which the cyber defence strategy remained so confidential that it was not discussed – or (gasp) because there wasn’t one?
Cyber Attacks (the Big Ones)
Our two candidates for the top attacks include discovery of theft by spelling error and attack by toaster. Let’s explain. In February, the Bangladeshi central bank was robbed of approximately US $80 million in a cyber theft involving the US Federal Reserve. The thieves sent fake transfer requests to the Fed and managed to get the Bangladeshi bank’s money transferred from the bank’s account with the Fed to their own accounts elsewhere.
They might have got up to $1 billion, if a Fed official had not spotted a suspicious spelling mistake in one of the fake transfer orders. The second case, in October, was the massive distributed denial of service (DDoS) attack on Domain Name System (DNS) provider Dyn, which made major Internet platforms widely unavailable. The attack was perpetrated by a botnet of devices from the Internet of Things (printers, webcams, baby monitors, and probably at least one toaster).
PayPass and payWave cards made ripples in Australia as news of vulnerability to hacking came from police and NFC (near field communication) experts. Tap and Go was apparently too close to Hack and Go for their liking. The banks remained confident that no added hacking risk existed.
On the other side of the world, Mark Zuckerberg promoted the idea that businesses should move massively to using Facebook’s Messenger app, possibly trying to carve out a chunk of the Internet for Facebook at the same time. However, while this may be pure supposition, the soon-to-be most powerful man in the world (Donald Trump, US President-elect) has already stated his intention to divide up the Internet and have enterprises like US telcos run the different pieces.
This may not bode well for global cyber continuity. On the same subject, European and American police teams came to the conclusion that, unfortunately, cyber criminals were starting to understand the principles of business continuity a little too well and were building attack botnets that were increasingly resilient to law enforcement counterattacks.
Many of the big players suffered outages and corresponding media attention in 2016. Verizon, Twitter, Microsoft, and Amazon all went offline somewhere when they were not supposed to. For Amazon, the outage was in Australia, when storms took out Amazon’s Sydney web services and data centre facilities. Apart from Dyn (see above), however, there was little news of criminal intent. Nature and human error seemed to be the main causes.
We close our round-up of business continuity with the problems of a large smartphone vendor. Samsung’s Galaxy Note 7 phone hit the news in about the worst way possible, as phones caught fire (literally).
But the business continuity story goes further. To start with, Samsung’s smartphone range is something of a flagship for the company, and bad publicity there could have a significant impact on the rest of Samsung’s business. Next, Samsung in its entirety is responsible for a very large part of the economy of South Korea (estimates of how much vary from, say, 17% to 20%), which is how one smartphone can threaten the health of a national economy.
So, Happy Rest of 2016 and we look forward to catching up with you again in 2017!