Editorial of July 25, 2024

‘Stay Vigilant; Adapt as Needed’

In the wee hours of Friday, July 19, hospitals, financial institutions, airlines, businesses and governments all over the world came to a screeching halt as the result of a global IT shutdown, which many are deeming worse than a cyber attack.

“A global technology outage caused by a faulty software update grounded flights, knocked media outlets offline, and disrupted hospitals, small businesses and government offices on Friday, highlighting the fragility of a digitized world dependent on just a handful of providers,” the Associated Press reported. “At the heart of the massive disruption is CrowdStrike, a cybersecurity firm that provides software to thousands of companies worldwide.”

This sobering incident—which left thousands of airline passengers stranded, caused municipal shutdowns across the world, including here in Otsego County, and disrupted worldwide commerce—has us all wondering what we can do to prevent such a crisis in future or, at the very least, plan for and mitigate the damage.

In his article, “The Global IT Outage Provides Several Crisis Management Lessons,” “Forbes” senior contributing writer Edward Seigel wrote: “If there are silver linings that can be found in the crisis, they are the crisis management lessons that business leaders should take to heart as their companies recover from the outage—and start preparing for the next crisis.”

What can companies do?

Act swiftly and transparently to control the narrative. Update customers regarding what happened, steps taken to rectify the situation and how future incidents will be prevented.

Ensure redundancies in communication. Organizations must be able to communicate both internally and externally in the midst of a crisis.

Provide reassurance. Leadership should make sure customers are kept up to date and provide regular service status reports.

Acknowledge the seriousness of the situation. Companies should show that they have a clear path forward and are able to measure their progress.

Be available and be transparent. The system failure is not the company’s fault, but the company must now concentrate on doing right by its customers.

Have a plan. Create and periodically test the viability of your business recovery plan.

Back-up data. Companies must have a reliable means for backing up of data that is both quickly and easily employed and which includes geographically-distant backup storage.

Copilot, Microsoft’s AI assistant—which appeared on our laptop seemingly out of nowhere during a Google search—recommends the following steps to safeguard against a global IT shutdown which can be adopted by entities both large and small and by the public:

Stay informed: Regularly monitor news and updates related to cybersecurity incidents, software vulnerabilities and system outages. Being aware of potential risks allows you to take timely action.

Back-up systems: Maintain regular backups of critical data and systems. Use both local and cloud-based backups to ensure redundancy. Regularly test your backup and recovery processes.

Diversify software providers: Rely on multiple software vendors and services. Avoid over-reliance on a single provider. Diversification reduces the impact of a specific vendor’s outage.

Implement network segmentation: Divide your network into segments with restricted access. This limits the spread of disruptions and helps isolate affected areas.

Security best practices: Follow cybersecurity best practices, such as using strong passwords, enabling multi-factor authentication, and keeping software up to date.

Collaborate with cloud providers: If you use cloud services, collaborate with providers like Microsoft Azure, Google Cloud Platform and Amazon Web Services. They can share insights and solutions during incidents.

Circumvention strategies: Familiarize yourself with circumvention techniques to bypass Internet shutdowns. These include using virtual private networks, proxy servers, and alternative domain name system services.

All this being said, the recent global technology outage makes us think a little closer to home.

The ways in which we are tied to the Internet and wireless communication are scary.

Many of us no longer carry cash—we make our purchases and payments with our bank cards, or online. Maybe we should go back to carrying cash instead of tapping our cards… Many of us now only have cell phones, which are susceptible to hacking, malware and data breaches. In an age where cybersecurity concerns are ever increasing, landline phones are less vulnerable to such threats and can provide an extra layer of security and privacy.

And what about those Internet-connected devices which allow us the option of remote monitoring and management of appliances and systems in our homes, such as lighting and heating? Or connected car technology, which integrates the Internet and wireless communication into vehicles, to communicate with other vehicles, share data, and interact with various devices and services?

Whether or not this global shutdown affected us directly, we certainly should be thinking about the implications moving forward.

And, as Copilot advises, “Remember that while incidents like the recent CrowdStrike outage are infrequent, proactive measures can mitigate risks and minimize disruptions. Stay vigilant and adapt as needed!”