Dark Reading is part of the Informa Tech Division of Informa PLC


10/30/2008
11:36 AM
Jim Manico
Commentary

What Horror Movies Can Teach Us About Disaster Recovery

Sharks in the water. Spinning heads. Freaky clowns. Who knew those flicks we paid good money to scare the living daylights out of us, and forced us to invest in nightlights, bore lessons applicable to disaster recovery and business continuity?

"In fact, there are a slew of correlations between disaster planning and the frightening scenarios played out on the big screen," according to SearchCIO-Midmarket.com executive editor Kate Evans-Correia, who discussed those similarities with Pat Corcoran, global client solutions executive with IBM Global Technology and Business Continuity & Resiliency Services.

Just in time for Halloween, too. Showtime:

Jaws: Corcoran points to the stubbornness of the captain, his "I can do out there, I know what I need to do" attitude. "But he didn't know," Corcoran says. "His greed got in the way of him conducting a risk analysis of what he could face." When he met up with Jaws, he wasn't prepared for the magnitude of the situation: His boat was too small, and he didn't have the right equipment. The tragedy that followed can be reality, Corcoran adds. "Sometimes in business when people look at the risks and vulnerabilities they need to worry about, they think only of common events. But you have to look at multiple possibilities, both internal and external to your organization."

The Exorcist: The movie that forever changed the way we look at pea soup underscores the importance of anticipating change, according to Corcoran. "There were a lot of changes going on throughout the whole movie," he says. "Change is something we all have to be ready for because when it does happen, it affects your risk, your vulnerability, and your level of maturity in regard to business continuity. When change takes place, you also have to ensure your business continuity and disaster recovery plans are kept current. If they had a business continuity plan in the movie, you would have never known it because they were just reacting to the moment."

Jurassic Park: At the risk of mixing movie phrases, what we have here is a failure to communicate. "They had a great idea, but they didn't really address the risks. Some people knew the high-risk areas, but they didn't communicate that properly with the right people," Corcoran says. "So when the power went out and failures occurred at the park, the risks they were trying to hide became much bigger. The result was like a domino effect because of something so simple ignored up-front."

When A Stranger Calls: Have you checked your employees? They're the most important element of business continuity should disaster strike, Corcoran says. "When certain things happen, do your people know what to do? Do they know where to go? Do you know how to reach them?" he asks. "Companies need to do a better job of knowing where their people are and having those folks know their roles and responsibilities." Another movie takeaway: The caller was inside the house. "That's the pinnacle of being scared," Corcoran says. "In business, a major vulnerability we're seeing over time is coming internally... When you're putting together a business continuity plan, you need to look at the internal organization just as much as you look outside as a risk to your company."

Poltergeist: Poltergeists are usually associated with individuals for a short duration, Corcoran explains, "so people had certain expectations." In the movie, those stubborn spirits stuck around even after Carol Anne was saved from the light. "What you think may be a short duration could wind up being a long duration," says Corcoran, using a power outage as an example: It could last 10 minutes, or it could be a half-day event. "You have to look at every scenario and really think about how long it'll take" to fix and when you should declare a disaster, he says.

A second takeaway: Be mindful of your location. In Poltergeist, the house was built on top of a graveyard. "I was talking to a power company out west. I asked if they did any vulnerability assessments around the area. They said they did some," Corcoran recalls. "I asked, 'What about the train that goes by your main headquarters about 100 yards? What kinds of materials are transported?' They had no idea. 'How often does that train go through?' No idea. I said, 'What if there was a chlorine leak right after a derailment right outside your door? What would you do?' They hadn't thought it out."

Terminator: I'll be back! "When you have a disaster, like a flood, you think it'll never happen again. Don't think that way. Trust it'll be back," Corcoran says. "Or if you have an audit and the auditor sees you don't have the right programs built around business continuity, you'll fail, and they'll be back six months later." Bottom line, he says: "Expect the disaster to come back."

Alien: The movie has plenty of officers, but the characters didn't really know who to go to for decisions. "In a disaster you need to be prepared," Corcoran says. "You need to know who is in control when there's a lot of stress being put upon people. You need to know who to go to at the right time."

Think about the horror movies you've seen; what nuggets of wisdom can you glean in terms of disaster planning/recovery and business continuity? Share them below.
