Risk
10/30/2008
11:36 AM
Gayle Kesten
Commentary

What Horror Movies Can Teach Us About Disaster Recovery

Sharks in the water. Spinning heads. Freaky clowns. Who knew those flicks we paid good money to scare the living daylights out of us, and forced us to invest in nightlights, bore lessons applicable to disaster recovery and business continuity?

"In fact, there are a slew of correlations between disaster planning and the frightening scenarios played out on the big screen," according to SearchCIO-Midmarket.com executive editor Kate Evans-Correia, who discussed those similarities with Pat Corcoran, global client solutions executive with IBM Global Technology and Business Continuity & Resiliency Services.

Just in time for Halloween, too. Showtime:

Jaws: Corcoran points to the stubbornness of the captain, his "I can do out there, I know what I need to do" attitude. "But he didn't know," Corcoran says. "His greed got in the way of him conducting a risk analysis of what he could face." When he met up with Jaws, he wasn't prepared for the magnitude of the situation: His boat was too small, and he didn't have the right equipment. The tragedy that followed can be reality, Corcoran adds. "Sometimes in business when people look at the risks and vulnerabilities they need to worry about, they think only of common events. But you have to look at multiple possibilities, both internal and external to your organization."

The Exorcist: The movie that forever changed the way we look at pea soup underscores the importance of anticipating change, according to Corcoran. "There were a lot of changes going on throughout the whole movie," he says. "Change is something we all have to be ready for because when it does happen, it affects your risk, your vulnerability, and your level of maturity in regard to business continuity. When change takes place, you also have to ensure your business continuity and disaster recovery plans are kept current. If they had a business continuity plan in the movie, you would have never known it because they were just reacting to the moment."

Jurassic Park: At the risk of mixing movie phrases, what we have here is a failure to communicate. "They had a great idea, but they didn't really address the risks. Some people knew the high-risk areas, but they didn't communicate that properly with the right people," Corcoran says. "So when the power went out and failures occurred at the park, the risks they were trying to hide became much bigger. The result was like a domino effect because of something so simple ignored up-front."

When A Stranger Calls: Have you checked your employees? They're the most important element of business continuity should disaster strike, Corcoran says. "When certain things happen, do your people know what to do? Do they know where to go? Do you know how to reach them?" he asks. "Companies need to do a better job of knowing where their people are and having those folks know their roles and responsibilities." Another movie takeaway: The caller was inside the house. "That's the pinnacle of being scared," Corcoran says. "In business, a major vulnerability we're seeing over time is coming internally... When you're putting together a business continuity plan, you need to look at the internal organization just as much as you look outside as a risk to your company."

Poltergeist: Poltergeists are usually associated with individuals for a short duration, Corcoran explains, "so people had certain expectations." In the movie, those stubborn spirits stuck around even after Carol Anne was saved from the light. "What you think may be a short duration could wind up being a long duration," says Corcoran, using a power outage as an example: It could last 10 minutes, or it could be a half-day event. "You have to look at every scenario and really think about how long it'll take" to fix and when you should declare a disaster, he says.

A second takeaway: Be mindful of your location. In Poltergeist, the house was built on top of a graveyard. "I was talking to a power company out west. I asked if they did any vulnerability assessments around the area. They said they did some," Corcoran recalls. "I asked, 'What about the train that goes by your main headquarters about 100 yards? What kinds of materials are transported?' They had no idea. 'How often does that train go through?' No idea. I said, 'What if there was a chlorine leak right after a derailment right outside your door? What would you do?' They hadn't thought it out."

Terminator: I'll be back! "When you have a disaster, like a flood, you think it'll never happen again. Don't think that way. Trust it'll be back," Corcoran says. "Or if you have an audit and the auditor sees you don't have the right programs built around business continuity, you'll fail, and they'll be back six months later." Bottom line, he says: "Expect the disaster to come back."

Alien: The movie has plenty of officers, but the characters didn't really know who to go to for decisions. "In a disaster you need to be prepared," Corcoran says. "You need to know who is in control when there's a lot of stress being put upon people. You need to know who to go to at the right time."

Think about the horror movies you've seen; what nuggets of wisdom can you glean in terms of disaster planning/recovery and business continuity? Share them below.
