Considering the technical knowledge and expert precision that goes into creating tools to combat downtime from ransomware and other cyber-attacks, downtime itself remains a mysterious force.
It’s hard to quantify and qualify, yet crucially needs to be kept as low as possible. Some business leaders aren’t even that concerned.
Time and time again, downtime graces headlines as the crippling effect of successful “big-game hunter” targeted ransomware attacks. While ransomware is certainly a current problem for targeted businesses, downtime is a seasoned business killer.
It’s easy to view ransomware as something that affects only your business's data, but it’s far more than that. While your data is indeed at risk, it’s the function that data serves -and its unavailability - that can have rather dramatic, news-grabbing consequences.
Sure your data might not have easily quantifiable value, but it’s only a small part of the downtime ripple effect - the real problem comes in interruption in business operations. Even if you’re quick to recognize and rectify an attack and your downtime can be remediated, that small halt in operations will equate to lost revenue, lost credibility and perhaps even lost customers.
Picture a miller, for example, producing flour and custom flour mixtures to create bread, pizza dough, buns, and all the other baked products we take for granted in our daily life. Bread by nature is a timely product so even the slightest interruption will have downstream effects. This downtime, affects the entire supply chain from the miller to the end customer waiting for their morning sourdough. Suddenly it’s not just the miller that’s hurt by this downtime, but the buyer, the shops selling the bread and the customers wanting to buy it.
The “cannot be out of bread” scenario is the specific reason why managers of supply chains multi-source. Think about your own supply chain, and let that sink in.
Stay with the miller, the ensuing downtime period resulting from a ransomware attack, would have a direct and considerable impact on the kilos of flour the mill was able to produce and ship per hour. These effects vary from the obvious criticality of the population needing bread, to the more subtle and probably more damaging ripple across the supply chain when it comes to customer loyalty.
Looking at downtime from another angle, though keeping with our bread metaphor, I’ll invite you to picture the average shopper arriving at their local supermarket only to find an entire aisle of empty shelves where the bread should be.
This is an accurate visualization of downtime - nothing on the shelves and therefore the basic components of a business missing. No product means nothing for your business to sell, which means time, resource and revenue effectively going down the drain.
The miller that couldn’t make their custom flour mixtures may only see the immediate effect of the downtime, but the further along the supply chain, the more evident the real and damaging effect. For businesses, death is an empty shelf.
To return to your own organization, customer confidence in a business’ capability to deliver reliably is extremely difficult to quantify, but when dealing with supply chain or customer services, just watch what happens when you can’t.
Intangibles like infosec expenditures make it difficult to prioritize an investment against a new delivery truck that has very tangible costs and benefits. An excellent place to start with quantifying impact, thus justifying the investment to a reluctant CFO, is by building a risk based model they can understand.
For those not seasoned in working with CFOs, exaggeration of costs is not advisable. Work with line of business or public facing stakeholders to show the impact of single or multiple failures, or even a complete IT service outage.
The model should show the risk factors combined with a timeline that shows the phases of the impact versus the necessary expenditure to purchase and implement the right technology to prevent or recover from a ransomware or destructive malware attack. Visualizing that there will be no end product on the metaphorical shelf, may help everyone see things for what they are - and be more inclined to invest in the right technology to protect the business.
Once your business financer is on board, you would be wise to encourage them to invest in the best possible technology to not only defend against any future attacks, but help your business recover if and when a successful attack does take place. The right tech will be able to identify anomalies, analyze threats, and accelerate recovery as necessary in a matter of clicks.
Putting the right tools in place can transform any unscheduled downtime from several hours or days to a matter of seconds, meaning zero ripple effect on the rest of your critical operations. So, next time you’re trying to convince your business to up its security measures, talk to them about bread.