White Label Consultancy | 24th July 2024
That IT Outage Event – The Ultimate Test of Cyber Resilience
So, where do we begin… well, it happened. The root cause and the recovery steps were made known quickly, yet the event still hit countless public and private organisations across many industries, and millions of people around the globe. It was estimated that around 8.5 million Windows devices were affected and that more than 10,000 flights were disrupted worldwide. The technical details are well covered in other articles.
More observations, considerations, and recommendations from industry experts will follow in the coming weeks and months to help both consumers and vendors prevent a repeat.
Some key observations, and possibly new considerations, for organisations to explore from that event:
- Security software is just software
Security applications are generally given different treatment when it comes to configuration and patch updates because of their nature and intended function. For example, updates that add detection for a zero-day threat typically do not go through the usual test-and-deploy cycle required of other applications, precisely because they are meant to reach endpoints fast.
Should organisations consider enforcing the same verification of configuration and patch updates on security software, with specific, documented exemptions where speed genuinely matters? A practical middle ground is a staged rollout, where a small canary group receives each update first and a known rollback path exists before the rest of the estate follows. Third-party software supply chain risk registers will need to be revisited and updated to address this scenario.
None of this removes the vendor's obligation to adequately test its own updates so that events like this do not happen the way this one did.
- Ability and speed to fix the affected devices
The published quick fix required privileged access to each affected computer, whether a laptop, desktop, point-of-sale device, or similar. Because the fix had to be applied on the device itself rather than pushed from a central console, organisations with the technical capability and the policy to grant their employees just-in-time privileged access to apply it would recover faster than those relying on a centralised setup.
Given that the event occurred at the end of the working week, or in some regions at the start of a holiday season with employees distributed far and wide, a centralised model for deploying the fix would be challenging, to say the least.
Should organisations consider implementing Privileged Access Management capabilities that enable just-in-time elevated access, not only for events like this but for routine self-service tasks as well? Such elevation should remain time-bound, audited and automatically revoked so that it does not quietly become standing local administrator rights.
- Crisis management and business continuity plan
Many businesses across industries, from airlines and banks to supermarkets, were significantly affected by the event. It also showed that their crisis management and business continuity plans could be lacking in readiness, responsiveness, and alternative (possibly manual) processes to keep operations running in some form. The degree varied between the affected organisations, as observed.
Should organisations include scenarios like this in their crisis management and business continuity plans? What other scenarios of similar scale would have such effects, regardless of how likely they are, such as a Carrington-class solar storm, prolonged internet or power outages, and regional or country-level natural disasters, to name a few?
- Communications plan
Miscommunication (some of it mischievous): although this was clearly an event triggered by a third party, the affected principal platform became the focus of blame from disgruntled organisations and end users, as well as from anti-platform trolls.
The principal platform did play its part in communicating and managing the situation, and later released a recovery tool to assist affected organisations, but was it effective? How could it ensure that such events are prevented in the future?
Addressing the situation: the third-party vendor took some time before addressing the public directly, most visibly through its CEO across various media channels, communicating the technical aspects of the event in controlled statements given its potential legal and financial implications. That is a difficult balancing act: calming affected organisations, businesses, and users while managing its own stakeholders.
Should they have been more forthcoming and open in their communication?
- Threat actors
As expected, bad actors took the opportunity to set up fake websites, send fake communications, and so on, hoping to catch less security-aware organisations and users and trick them into divulging sensitive information and login credentials. The obvious check is to take fixes and recovery guidance only from the vendor's official channels and to verify anything that arrives unsolicited.
It was also noted that certain countries were not impacted, owing to existing sanctions, technological exclusions, and the like, and that they could have taken advantage of the chaos affecting parts of the national infrastructure or critical services. Food for thought.
The above is by no means an exhaustive list; expect further guidance as the industry digests the event and helps entities improve their cyber resilience.
White Label Consultancy has extensive experience supporting organisations with cybersecurity advisory and leadership. WLC provides organisation-level risk assessments and maturity reviews against a broad and ever-evolving threat landscape. Reach out or schedule a call to learn more about our service offerings and how we can support your organisation.