TRENDING:

The Public Eye with Eric Chabrow

BlackBerry Slowdown: Heads Should Roll

Not Necessarily at RIM, but at User Organizations Eric Chabrow (GovInfoSecurity) • October 13, 2011    
BlackBerry Slowdown: Heads Should Roll

Don't be too fast to blame BlackBerry maker Research In Motion for the disruption in the device's service if your organization suffered from the lack of e-mail exchanges. It could be partly your fault as well.

In the end, organizations that rely on technology must be prepared for its breakdown, and the disruption in BlackBerry service is a clear reminder of the danger of relying on just one tool to get work accomplished.

The network that carries the messages to and from BlackBerries, run by the device maker RIM, failed in Europe earlier this week, and a backlog in messages caused a slowdown of service in North America on Wednesday.

Simply, organizations - and individuals, for that matter - must have a business continuity or disaster recovery plan ready for such incidents. If they don't, heads should roll. That point was made in an e-mail exchange - neither of us used BlackBerries - I had with Francoise Gilbert of the IT Law Group, whose specialty is IT security and risk management.

"This should be a reminder to everyone that nothing is infallible, and that they should think of the other technologies or other communications means that they could lose and with respect to which there will be much more serious problems if they cannot access their data," Gilbert says.

Not being prepared is inexcusable. "That is basic Disaster Recovery 101," she says. "Companies that have a realistic, detailed, up-to-date disaster recovery plan should not be affected because they should have thought about the issue ahead of time."

Executives and managers at user organizations responsible for assuring the uninterrupted flow of communications should be accountable if their employees can't use the tools they're given.

"Companies that do not have a disaster recovery plan in place, or where the disaster recovery plan that does not address the loss of communications, should fire whoever is in charge of information systems," she says. "If none exists, then the CFO and the CEO should be fired for not having allocated money and thoughts for a disaster recovery plan. Not having a disaster recovery plan is irresponsible. It is like being on a ship that does not have lifeboats and lifejackets."

Many may find Gilbert's solution as being too extreme. But a constant complaint I've heard repeatedly over the past few years is that when something goes wrong, say a breach, no one seems to take responsibility and no one seems to be punished. Heads may or may not roll when a tool that an organization relies on fails, but those responsible for business continuity must not go Scot free.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.