By Kelsey Kendall
Earlier this month, CrowdStrike’s buggy software update crashed many Windows computer systems, causing massive global disruptions to air travel, healthcare and businesses. Airlines are still trying to get back on track, and the outage hit companies with losses that could be in the billions of dollars, according to The Washington Post.
Though not a cybersecurity-related incident, the outage revealed to many how complex and fragile our computer systems are. Sachin Shetty, executive director of the Center for Secure and Intelligent Critical Systems, says the outage could be used as an example of why these companies need to build a cybersecurity resilience culture to be prepared in case a cyber attack does happen.
“In today’s world, every industry vertical uses computer software to offer services to customers,” Shetty said. “So, in essence, all industry verticals cross-cutting commercial, defense and federal sectors are at risk for a cybersecurity attack.”
Shetty said there are two primary questions companies need to ask themselves as they consider how to prevent mass outages from happening: How quickly can a threat be detected? How quickly can the company respond?
It starts with developing a company-wide “cyber resilience culture,” Shetty explained. If implemented well, building up this ability to respond to an attack has a positive impact on the company’s business continuity plans, the plans that keep the business running in case of disruptive events.
Shetty recommends that companies assess how long it takes for their systems and people to detect an outage and identify the root cause. Improving this process can help companies in the future.
After detection comes response. Companies should have backups and redundancies in their systems, Shetty said, so that they can go back to previous, un-impacted critical systems and minimize disruptions to business operations.
It is also important to avoid “IT vendor homogeneity,” which means there are a limited number of systems being used. When one goes down, it is more difficult to move to something else while the problem is evaluated. That was one of the issues with the Microsoft outage. When the system went down, the disruption was so widespread because of how many companies rely on the vendor and the lack of backup resources.
Shetty said there is no way of stopping attacks from happening. Threats can come from anywhere. What is important is figuring out how to respond when they do happen. Tabletop exercises and comprehensive looks at policies and procedures will help improve these responses and minimize costly disruptions.