Building greater resilience in cyber incident response infrastructure

Organisations should adopt a "trust but verify" approach when dealing with third-party solutions.


A recent global outage linked to a software update by a leading cybersecurity vendor affected millions of systems worldwide, disrupted key sectors and caused significant financial and operational losses. The incident serves as a stark reminder of the vulnerabilities inherent in modern, interconnected systems and highlights the need for organisations to adopt more resilient approaches to cybersecurity.

Since no system can be completely immune to failure, having well-structured incident response, disaster recovery and business continuity plans enables organisations to respond quickly, minimise damage, and restore operations efficiently.

Preparation is key, and organisations must not only establish protocols for dealing with cyber incidents but also regularly review and update these plans in light of evolving threats.

One of the most important lessons from the recent outage is the critical need for redundancy and diversification within IT infrastructure.

The incident exposed the danger of over-reliance on a single platform or vendor.

In many industries, including aviation, healthcare, and banking, the uniformity of IT systems creates a significant risk: a single point of failure can cause widespread disruptions, affecting operations on a global scale.

This was clearly demonstrated when critical systems became inoperable, and sectors that depend on them were unable to function. To build greater resilience, organisations must prioritise diversification in their IT environments.

Instead of standardising on one system or platform, businesses should incorporate a mix of operating systems, applications, and hardware solutions. By doing so, they reduce the likelihood that a failure in one area will bring down the entire system.

For example, running both Windows and Linux-based systems, or deploying a combination of cloud, on-premises, and hybrid environments, can significantly mitigate risks. This ensures that if one system fails, another can continue to operate, maintaining business continuity.

The incident also emphasised the importance of managing third-party risks. Many organisations rely on external vendors to provide cybersecurity solutions, often placing immense trust in these third parties to safeguard their systems and to test those solutions adequately.

However, the recent outage revealed that even well-established vendors are not infallible. This highlights the need for ongoing evaluation of the security practices of third-party vendors, particularly in terms of their testing and patch management.

Organisations should adopt a "trust but verify" approach when dealing with third-party solutions.

While it is crucial to partner with vendors that have a strong track record, businesses must also implement internal controls to test and verify the security and stability of these solutions.

Comprehensive third-party risk management should include regular assessments, transparency in vendor relationships, and continuous monitoring of potential vulnerabilities that could arise from third-party systems.

Another key takeaway from the outage is the value of continuous testing and simulation exercises in improving incident response capabilities. Organisations that rely on critical infrastructure must regularly test their response plans, not only for technical efficiency but also to ensure that decision-making processes, communication strategies, and overall readiness are adequate to handle complex cyber incidents.

By conducting these simulation exercises, businesses can identify weaknesses in their systems, refine their response procedures, and enhance coordination among internal teams and external partners.

For organisations managing critical infrastructure, it is essential to establish sandbox environments where updates and changes can be tested before they are rolled out to live systems. Companies must focus on integrating continuous testing into their workflows, ensuring that every software update or new deployment is first evaluated in a controlled environment.

This approach allows them to detect vulnerabilities early, address potential issues, and prevent widespread outages before they can affect production systems.
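The sandbox-then-production principle described above, as an added example that is not from the article: a ring-based rollout gate in Python that lets an update reach the next ring only while the current ring stays within its failure budget, so a bad update is stopped in the sandbox or canary ring and never touches the production fleet. The ring sizes, failure budgets and health probes are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Ring:
    name: str
    hosts: int               # hosts that receive the update in this ring
    max_failure_rate: float  # promotion is blocked above this fraction of unhealthy hosts


@dataclass
class RolloutResult:
    update_id: str
    rings_completed: List[str]
    halted_at: Optional[str]  # ring where the rollout stopped; None if fully promoted
    failure_rate: float       # observed in the last ring evaluated


# (ring name, host index) -> True if the host is healthy after applying the update
HealthProbe = Callable[[str, int], bool]


def staged_rollout(update_id: str, rings: List[Ring], probe: HealthProbe) -> RolloutResult:
    """Apply an update ring by ring; promote only while each ring stays within its failure budget."""
    completed: List[str] = []
    rate = 0.0
    for ring in rings:
        unhealthy = sum(0 if probe(ring.name, i) else 1 for i in range(ring.hosts))
        rate = unhealthy / ring.hosts
        if rate > ring.max_failure_rate:
            # Halt here: hosts in later rings never receive the update.
            return RolloutResult(update_id, completed, ring.name, rate)
        completed.append(ring.name)
    return RolloutResult(update_id, completed, None, rate)


# Constructed rings: a small sandbox first, then a canary slice, then the production fleet.
RINGS = [
    Ring("sandbox", hosts=5, max_failure_rate=0.0),
    Ring("canary", hosts=100, max_failure_rate=0.01),
    Ring("production", hosts=5000, max_failure_rate=0.02),
]


def bad_update_probe(ring: str, host: int) -> bool:
    return False  # constructed failure: the update breaks every host it reaches


def flaky_canary_probe(ring: str, host: int) -> bool:
    return not (ring == "canary" and host % 20 == 0)  # constructed: 5% of canary hosts fail


def good_update_probe(ring: str, host: int) -> bool:
    return True  # constructed: the update is healthy everywhere
```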

The recent incident is a powerful reminder of the need to build resilient cybersecurity frameworks capable of withstanding unexpected challenges. As critical infrastructure systems become increasingly reliant on digital solutions, they are also becoming more vulnerable to cyber threats.

To address these risks, organisations must go beyond simply investing in advanced cybersecurity technologies. They need to implement comprehensive strategies that include redundancy, diversification, robust third-party risk management, and rigorous testing practices.

In today’s complex cybersecurity landscape, it is not enough to simply respond to threats as they arise.

Organisations must proactively prepare for the worst-case scenarios by developing resilient systems and response plans. By doing so, they will be better equipped to handle future cyber incidents, ensuring the continuity of critical infrastructure and protecting the essential services that modern society depends on.

The writer is Team Leader, Threat Intelligence Centre, NTT DATA
