Business lessons from #CensusFail: Always plan for the worst
Whatever business you’re in, fortune favours the prepared when it comes to major IT projects.
The Australian Bureau of Statistics was left with egg on its face after the nationwide Census website went into meltdown on the big day, leaving millions of Australians staring at an error message. The site remained offline for days, calling into question how prepared the ABS and its tech partners were to cope with a disaster.
There’ll be plenty of blame to share around as all the details come to light, amid debate as to whether the census was felled by hackers or whether the site simply crumbled under the load as millions of Australians attempted to log in after dinner to fill out the census forms.
The bureau insists it wasn’t actually hacked; instead, the census site was the target of several Distributed Denial of Service (DDoS) attacks, which basically means that hackers hit it with a stampede of fake visitors in order to overwhelm the servers and stop legitimate visitors reaching the site.
The Minister responsible likened it to someone parking a truck across your business’ driveway to block all traffic, but that’s a clumsy analogy. Think of it more like someone diverting all the cars off the freeway through your drive-through, running you off your feet while creating a massive traffic jam that stops legitimate customers getting through.
At this point hackers haven’t broken into your store but they’ve still brought your business to a standstill. To be fair, hackers are known to use DDoS attacks as a smokescreen to cover their attempts to actually break in the back door, which is part of the reason why the ABS panicked and pulled the plug.
You can’t blame the ABS for the fact that the Census was attacked by hackers, but you can blame it for not being better prepared, considering that DDoS attacks are common – especially against high-profile targets that have publicly assured everyone that they’re prepared for anything.
There are safeguards to minimise the impact of DDoS attacks and what’s really damning are reports that the ABS declined the offer of robust DDoS protection from its internet provider. Instead it put in place basic safeguards that failed to do the job.
Your business probably doesn’t embark on projects as ambitious as running a national census of 24 million people but a major disaster can be just as damaging to your reputation in the eyes of your customers. The confidence of your customers is hard to earn and even harder to win back when you drop the ball.
Make sure you play devil’s advocate during the planning stage on any major IT project and ask all those awkward “what if” questions. The key to success is planning for failure, rather than insisting it’ll be right on the night.