Businesses of every stripe need to get to grips with some of the fundamental threats they’ll face in 2023, and that means tightening up their operational security.
Every second, Twitter publishes 9,500 tweets, adding up to 500 million messages every day. That sounds like a lot until you consider that hosting companies in the capital markets sector are monitoring up to 1.4 trillion data events each day, or 16 million every second.
“For our customers, data loss or downtime isn’t an option,” explains Stephen Morrow, chief operating officer of Options Technology, which provides secure IT infrastructure to the capital markets sector. “Ensuring consistent access to data and resources means keeping ahead of any potential risk to security or business continuity.”
That’s no small task in 2023, as businesses in all sectors must be prepared for a range of emerging threats to business continuity. “Over the last 18 months we’ve seen a series of emerging threats to operational security at the same time customers are facing increasing regulatory requirements to demonstrate that they can manage these risks,” says Morrow.
It all means that, to prepare for and mitigate five key risks to operational security in the year ahead, business leaders must review risk assessments and business continuity plans. So, are you ready to handle these risks?
- Sector-related risk
Last year, there were an unprecedented number of operational security issues in the capital markets sector, says Morrow, but the number and severity of operational incidents is increasing across most industries. “It doesn’t matter what business sector you’re in, there is some sector-specific risk that you need to manage and be aware of,” he says.
Overall, businesses should expect markets to change more quickly and to experience more volatility, says Morrow.
This requires companies to speed up reaction times, and to utilise data to increase visibility of market trends and changes. During periods of change, Morrow advises against pausing trans-formation projects. “What you often see during volatility is that businesses reduce change because they’re focused on protecting operations. Everything gets put on hold, which means work gets backed up and projects are delayed. That can have a bigger impact than whatever risk was presented by the volatility in the first place.”
Companies should also be boosting communication across the business, adds Morrow. “In many sectors we have been disconnected from our col-leagues for two years, and that makes it hard to know your sector inside out, and to see what’s changing,” he says. “Now’s the time to get out there and meet with partners, vendors, clients. Look at how you can be more attuned to the sector, and I think that is best done by talking to other people, face to face.”
- Climate change
Last year, Option Technology’s data centres saw record temperatures in some locations, with peaks higher than 40 degrees. “That’s a phenomenal temperature, and some servers will shut down between 40 and 50 degrees,” says Morrow. “So you’re managing that with chillers running at full blast, only to get into winter and have warnings of record cold temperatures.”
Many data centres were built at a time when such temperature extremes were not the norm, so plans need to be reassessed and facilities updated. “We replaced two of our chillers this time last year to better regulate the temperature within the data centre. It’s also potentially thinking about the servers and what they’re able to handle. Are they appropriately distributed within the location?”
It wasn’t just data centres that were under strain: last summer Options Technology had to cope with damaged cable which was melting while it was being laid. “We used to worry about the dangers associated with submarine cable and networking, but now it’s important to consider where cable is laid because of risks associated with heat and flooding,” says Morrow.
Companies must update risk assessment plans in light of changing weather patterns as a priority, says Morrow. Now is the time for businesses to pre-pare for climate change, if they haven’t already. “This is real, it’s here, and we need to be prepared for hot summers, cold winters and more frequent flooding,” he says.
- Energy crisis
The second major issue facing organisations is potential instability in energy supply and the rising cost of energy. “In our data centre we have doubled down on our own fuel reserves, so we can run the data centre for as much as six days without external power. We also took on a new generator in direct response to the energy risk, which was a big concern in the last few months,” says Morrow.
Be sure you’re asking your data centres and IT service providers how they have prepared for potential energy stability. Morrow suggests checking on things like fuel capacity, fuel quality and the frequency of generator testing, to ensure your provider is well prepared.
- Supply chain risk
With increased supply chain volatility, widespread delays and shortages of components, Morrow says that businesses should consider moving away from just in time supply chains to a ‘just in case’ model.
The major threat to operational security in 2023 in the supply chain comes from the difficulty many organisations face in sourcing stock. “The chip shortage has had a major impact on our supply chain,” says Morrow. “Last year we would be requesting equipment, and someone would call two weeks later and tell you that you could get hold of what you needed, but there would be a 12 or 18 month delay.” The result was missing out on potential business because Options Technology simply couldn’t guarantee new customers that the right technology could be sourced to support them.
“We completely flipped the model and went and bought a lot of stock,” Morrow says. The company standardised on specific products and platforms, allowing them to buy in bulk, and reduce the complexity of procurement. “That has given us a lead over competitors, and for now, our approach is just in case, not just in time.”
- Conflict and geopolitical risk
In some respects, global conflict is the hardest operational risk to mitigate because we are often not in a position to predict or influence global events. What we can do is consider how global instability is affecting not just power supplies but the threat of cyber attacks, and make strong defensive plans, says Morrow.
“In 2023, we are seeing a step change in cybersecurity, with a massive growth in bad actors, state-sponsored actions and cybersecurity attacks and threats,” he says. “We need to ensure that every part of the IT infrastructure is hardened, and particularly invest in cyber security training to ensure we’re all less vulnerable to attack.”
For businesses, this could also mean reconsidering potential cyber-security risks, and taking steps to protect critical data and services with robust back-up policies and patching schedules, Morrow adds.