In today’s bulletin, Charlie looks at some factors which are leading to a global increase in incidents and he gives advice on how we can prepare for these incidents.
This week I thought I would share some thoughts I have had for a while on why I believe we are going to see an increase in incidents over the coming years. If you believe this is true, then this underlines the need for resilience within our organisations, and we need to double our efforts to ensure we have assessed our risks, have generic plans with contingency plans for likely events, and have trained and exercised our staff who will respond. We should also increase our resilience by mitigating known risks and developing our response strategies.
There are four main reasons why I think that the number of incidents is going to increase above the baseline of incidents that have always occurred. When I talk about the baseline of incidents, I mean natural disasters such as floods, storms, and tornadoes and also man-made incidents such as plane crashes, pollution, riots, and explosions. The four reasons for an increase in incidents are the changing political landscape, climate change, close coupling and system integration, and cyber incidents.
If we looked at the political landscape fifteen years ago, the world seemed a safer place. There were wars in Iraq and Afghanistan, which were far-off places and not really connected to the mainstream economy. There was a spillover of Islamic terrorism, but this, although deadly, was of limited impact beyond the immediate victims. Our Cold War enemies were now our friends. We all embraced globalisation, rubbed shoulders with Russian tourists on holiday, went to various Russian cities for the Euros football tournament, and bought a huge amount of our goods from China.
We now have a war in Europe, and if the Russians were to succeed on the battlefield in Ukraine, then this could send a huge wave of refugees across the border to Europe. In addition, there is the possibility of Russian incursion into European countries. One of the new ferries for the Western Isles which is desperately needed (I am writing this blog from the Isle of Coll) and being built in Turkey, has been delayed by two months due to supply chain issues, blamed on the attack by the Houthis on Red Sea shipping. There is fighting in the Middle East and the possibility of a proxy war between Iran and Israel. There is the possibility of Trump’s presidency, which could lead to more volatility or changes to the USA’s interface with the world. Over the longer term, there is the possibility of a Chinese invasion of Taiwan, which could have a huge impact on the semiconductor market and possibly the provision of goods from China. With many supply chains being global, any of these conflicts or potential conflicts could impact our organisation. If we accept that the world is a more volatile place than it was in the last decade or two, then we need to make sure that we constantly horizon-scan and try and recognise and mitigate risks before they can have a major impact on our organisations.
2023 was the hottest year on record, with global temperatures exceeding the 1.5°C warning limit outlined in the Paris Agreement. We saw huge wildfires in Canada, Greece, and California. We also saw floods in California, which we think of as a semi-desert. This year, hurricane Beryl became the earliest hurricane on record to reach Category 5 intensity in the Atlantic Ocean. The hurricane season in the Caribbean is getting extended. Climate change has led to more intense weather and has produced weather events in areas that didn’t used to have events. Just because your building has never been affected by a flood, doesn’t mean it might not be in the future. Predicting climate change events and how they might manifest themselves is difficult. If we accept the premise that we are going to get more extreme weather events, they may happen more often and may occur in places and times that haven’t happened before. We need to be prepared to respond to them, and these are likely to increase the number of events we have to deal with.
The recent Crowdstrike incident is a very good example of system integration and close coupling. We build systems for running our organisations, we outsource requirements, and we choose what we think is the best provider. We then upgrade the system, further integrate it with other systems, and introduce more inputs and outputs, adding to its complexity. We use the same resources as hundreds or thousands of other organisations because we see them as the market leaders. In corporate, governmental, or worldwide systems, nobody has an overview of the system, really understands how it works and can see the flaws or the possible incidents, and we continue to layer on the complexity. We then have situations where a routine, simple upgrade of a security software system can cause eight million computers worldwide to be impacted and create ‘the largest IT outage in history’. In a similar way, on the 28th August 2023, the input of a flight plan was enough to take down the NATS (air traffic control in the UK) and cause an impact which led to days of flight disruption. We will continue to outsource key processes within our organisation, rely on utilities to provide us with power and water, and build complexity within our organisations. This close coupling and integration is likely to lead to other incidents similar to Crowdstrike and NATS, which are difficult to foresee and mitigate. Integration and outsourcing lead to competitive advantages and the cost-effective delivery of services, but at the expense of possible system collapse outages.
I read a report from The Record this morning, stating that ‘Ransomware gangs rake in more than $450 million in the first half of 2024’. The report also stated that ransomware attacks were becoming more frequent and were increasing by 10%. Cyber attacks are a relatively new incident phenomenon in that there is a human either deliberately extorting money out of an organisation and, if not paid, destroying their value, damaging reputations, and using up huge amounts of management and technical people’s time and energy. As long as ransoms are paid, this trend will continue, and so we have to accept that cyber attacks will continue to cause incidents and disruptions in our organisation.
The resilience or business continuity manager should be busier than ever, ensuring horizons are scanned, risks are identified, plans are written, and staff are as trained as possible threats increase. We would think that with technology and systems improving, that would eliminate risk, but today, as a profession, the world we are dealing with has never been more dangerous.
