A faulty update from cybersecurity firm CrowdStrike sent shockwaves through the business world on July 19. Millions of Windows machines crashed, disrupting airlines, hospitals, stock exchanges and countless businesses.
While services have largely been restored, some companies are still struggling to fully restore operations. As organisations become increasingly dependent on technology, how should they prepare for such a large-scale outage should it recur?
Bee Kheng Tay, president, Cisco Asean:
The state of our world demands that organisations be more digitally resilient than ever. The consequences of an outage — whether it be caused by a breach or an unintended error — can have a tremendous impact.
As the world becomes even more connected, companies need to ensure they enhance their IT resilience. They can do that by reassessing their current models, breaking down tech silos, and ensuring real-time visibility alongside seamless data and intelligence exchange.
For IT teams, visibility into how the network, including the Internet, impacts digital experiences is paramount. Even in scenarios where the network is not to blame, being able to quickly rule the network out as a vector is also of tremendous importance to identify the root cause and means of fast remediation. This is critical as organisations that uphold robust digital systems and a strong security posture will better enable their teams to concentrate on innovation and productivity.
Prof Jan Ondrus, associate professor of Information Systems, ESSEC Business School, Asia Pacific:
The recent CrowdStrike outage sent ripples across the globe, disrupting businesses and highlighting the fragility of our digital world. This incident serves as a stark reminder of the importance of robust cybersecurity measures for everyone.
For cybersecurity companies, this means rigorous testing of updates before they’re rolled out, gradual implementation to catch issues early, and solid backup plans. Cloud providers must ensure redundancy in their systems, monitor for problems in real-time, and communicate clearly during disruptions.
Businesses aren’t off the hook either. It’s crucial to avoid relying on a single vendor for critical IT services, have clear agreements about service expectations, and maintain independent backups for quick recovery. Having a plan in place to deal with IT issues can significantly reduce downtime.
Everyone in the industry needs to work together, sharing information about potential threats and vulnerabilities. Regular cybersecurity training for employees can also bolster defences by raising awareness and improving response capabilities.
Foo Siang-tse, Senior Partner, Cyber, NCS:
The likelihood of such incidents has increased with digitalisation, AI proliferation, and more complex IT systems. It’s not a matter of “if” but “when.” Digital transformation needs to be paired with digital resilience.
I like to think of digital resilience as training for a boxing match. Both require constant training, protective measures, agility, and the ability to withstand and recover from attacks. Just as a boxer defends against punches and counters with strategic moves, digital resilience needs to be built up with a focus on cybersecurity, data governance, infrastructure scalability, application robustness and operational responsiveness. Without this, it’s a “House of Cards”.
Organisations can mitigate risks by diversifying their supplier ecosystems, ensuring effective vendor management by conducting regular assessments and having comprehensive incident response plans and well-rehearsed disaster recovery procedures. It involves building redundancies into critical systems, establishing alternative communication channels, and training employees to respond effectively to such incidents. These measures prepare organisations for a swift and effective recovery.
Digital resilience extends beyond technical measures. It involves building a culture of reporting, preparedness, and agility among all employees, not just IT departments. This enables organisations to be well-placed to seize the opportunities that digital transformation can offer, such as AI deployment.
Vishal Ghariwala, chief technology officer, SUSE Asia Pacific:
What happened with Microsoft and CrowdStrike was a situation nobody wants to find themselves in. The incident showed how a seemingly simple IT update can paralyse global IT systems and our day-to-day lives. I don’t think this is about CrowdStrike or Windows. This can happen with any software. More importantly, it stresses the importance of incorporating digital resilience so that mission-critical IT services can withstand serious disruptions.
One approach is to reduce software concentration risks by adopting diverse IT stacks, especially for critical services. It may seem counterintuitive, but moving away from monolithic IT environments allows organisations to quickly switch mission-critical operations while they fix the issue at hand.
Organisations could adopt a dual operating system strategy, such as using Windows and Linux. If the organisation faces issues, they can easily switch to the other. This may not always be a cheap and easy architectural, technological or business decision — especially if companies are trapped in a rigid IT ecosystem that inhibits agility and interoperability. However, in my honest opinion, this is something that every organisation should proactively consider so that their essential IT services can be preserved in the face of major disruptions.
Michael King, VP and GM, Asia Pacific and Japan, Wasabi Technologies:
Disruptions can strike an organisation at any time. While it is impossible to eliminate this risk, organisations can take a proactive stance to mitigate the impact by implementing a robust backup strategy and embracing a multi-cloud approach.
To fortify against the consequences of data loss and system downtime, implementing a 3-2-1-1-0 backup strategy is essential. This multi-layered approach maintains three copies of data on two different media, one off-site, one immutable copy, and zero-for-zero errors by making sure the air-gapped backups are fully functional.
Complementing this, a zero-trust security posture for cloud storage is equally critical. By enforcing rigorous access controls and employing impenetrable encryption, organisations can significantly curtail the risk of unauthorised data exfiltration and compromise.
Moreover, to safeguard against a single point of failure, organisations should also look towards embracing a multi-cloud strategy. Diversifying cloud providers allows for optimal utilisation of specialised services and reduces dependency on a single vendor. The solution here is clear: don’t leave all your eggs in one basket. Collaborating with multiple partners in the cloud is crucial to ensure that organisations can engage with a suitable vendor for “best-of-breed” product offerings tailored to their specific needs.