Google Outage Reminds Us All of the Importance of an Incident Plan

Google's services went down on Monday in a massive outage that prevented millions of users from accessing Gmail, Google Docs, or YouTube accounts, and over the weekend, Microsoft users in Europe experienced disruptions to Office 365 services. More the 'norm' than ever before and impacting unprepared companies and individuals at unprecedented levels, these types of service interruptions are prime reminders that disruptions can happen to anyone, at any time.

It is anticipated that by 2025, 55% of the data stored by organizations and consumers will be stored in the cloud, as the desire to be connected and provided with real-time data continues to accelerate cloud adoption and data creation.¹

It brings to mind the adage, "An ounce of prevention is worth a pound of cure." While it isn't possible to completely prevent business interruption following a service outage, you can prepare for them. Companies that are ill-prepared for a sudden loss of system access caused by human error, outside threat actors, or disgruntled employees are at a greater risk for longer-term business disruption than those that have a response plan in place.

In our October 2020 blog entry, we outline how the collection and preservation of data creates a critical link between the incident and future litigation and resolution. At the outset of any event, it isn't known if there will be litigation or even if there needs to be an investigation into its cause. However, the response plan that organizations have in place should be designed to assume that there will be. Any missteps early in the process could damage or destroy evidence that may be present to outline the chain of events and potentially attribute it to a particular user or responsible party, whether they're an internal employee, outsourced agency, or threat actors from outside the organization.

To avoid these missteps, it is imperative to have your incident plan, and incident response team in place prior to any event occurring. It is often difficult to demonstrate a good return on investment for a hypothetical issue that may not happen. But, once the incident occurs, trying to respond effectively during a crisis without a well-thought-out plan can be disastrous. Common implications are significantly increased costs and delayed resolutions to bringing your company back online and getting expert assistance without having time on your side to vet the best possible external support available. Recent events involving highly organized threat actors increased lay-offs, and retaliatory actions of disgruntled employees, coupled with society's reliance on cloud storage in the coming years, signal that these threat events are a matter of 'when,' not 'if.'

By planning, organizations can take the time required to properly secure response team members from outside of the organization. The specialized knowledge and experience that a qualified outside vendor can bring to the process are invaluable. But, in addition to this is a sense of objectivity that a neutral third party brings to the table, additional resources that can be applied in a time of crisis, and in the case of forensics a team that can follow the matter to court.

If you are interested in learning more about how Envista's Digital Forensics team can support your organization in developing a sound technology litigation response plan for cyber events, employment disputes, or suspected intellectual property theft, please contact us. We'll be happy to have an initial conversation about your needs and where our experts can contribute to reducing the risk to you and your organization.

Source: ¹https://www.seagate.com/files/www-content/our-story/trends/files/data-age-us-idc.pdf