July 22, 2024 | Resilience & Business Continuity
When the world’s digital heartbeat fails, resilience keeps the pulse of your business strong.
A global tech outage occurred on 19 July 2024. It was not the first, and it will not be the last. Global tech outages are an inevitable part of our digital landscape. Those affected would be grateful if organizations ensured that resilience strategies were put in place to minimize the impact on their lives before the next global tech outage occurs or whenever any service disruption occurs.
The Incident Unveiled: What happened?
An innocuous CrowdStrike patch update, which occurs on a regular basis, triggered a domino effect that shut down airlines, banks, stock markets, emergency services, electricity utilities, and more. This run-of-the-mill patch update crashed 8.5 million Microsoft Windows computers. While this was happening, the Internet continued operating as it was designed to, as a reliable means of moving data between computers. The updated Microsoft Windows computers delivering services to their users crashed, not the Internet. The CrowdStrike-induced global tech outage should be a wake-up call for organizations large and small to implement business continuity resilience plans.
Understanding the Impact: Why was this bad?
Concerning IT systems, there are more ways to malfunction than to operate correctly. When built, systems are meticulously designed, assembled, and tested before being brought online and joined by other online systems. All it takes is for one unsuitable ‘thing’ to cause a system to become inoperable.
This is not the first time system failure has occurred due to an innocuous action. Technology is not perfect and will fail from time to time, no matter how many promises are made that it won’t. Technology can fail for many reasons: cyberattack (which has the greatest focus today), human error, natural causes (hurricanes, earthquakes, etc.), technological incompatibilities, and wear and tear, to name a few. The resulting impact can range from minuscule to disaster level.
Unfortunately, there are rarely any indications of an impending failure, and when a failure occurs, it has the potential to wreak immense havoc, much like this global tech failure of July 2024.
Ultimately, technological failure in our digitized world will touch and impact many people’s lives. There is simply no avoiding it.
Affected Parties: Who bore the brunt?
Around the world, airplanes were grounded, and people were left stranded at airports. Worldwide, over five thousand flights were canceled, and more than 10,000 were delayed. Airlines, banks, hospitals, emergency services centers, public transit systems, broadcasters, electricity utilities, and more were affected. The lives of millions of people were disrupted.
The financial impact of the global tech outage on businesses is estimated to be in the hundreds of millions of dollars. The impact on people goes beyond inconvenience; many were left out of pocket, having unplanned hotel stays and having to book new flights.
Analyzing the Failures: What went wrong?
When businesses decide to digitize processes and business functions, they often take a success-oriented approach to the digitalization process, without considering risks to be mitigated. Failures or disruptive scenarios are rarely considered in their digitized processes and business functions. Businesses need to pay attention to potential risks. It is natural to assume that nothing will go wrong or that disruptive scenarios can be quickly addressed to resolve any issues. However, this belief is misplaced, as is evidenced by the global tech outage of July 2024.
Prevention Strategies: Can these situations be avoided?
Businesses have a responsibility to their customers to be resilient in the face of challenging situations such as a tech outage. The global tech outage of July 2024 left thousands of passengers stranded without flights, grounded many aircraft, impacted banking systems, brought down some emergency services for various cities, and, in general, made the lives of millions of people difficult. Each time that events such as this occur, the resulting costs to businesses can reach astronomical levels. This begs the question of why companies wouldn’t establish resilience plans to minimize the fallout of such events impacting service delivery to their customers.
Businesses must view resilience planning as more than just business insurance; they must also ensure they are financially and operationally ready to manage unexpected disruptions.
Crisis Management: How could this have been better managed?
Organizations that are successful in building resilience will do so continuously, recognizing that the ebb and flow of changes in the business environment will influence the extent and severity of disruptive events, as well as their plans and responses.
Building Resilience and Ensuring Business Continuity
Resilience is the ability to withstand or recover quickly from challenges and disruptive events. The International Standards Organization (ISO) ISO22301 “Business Continuity Management Systems – Requirements” standard is an excellent starting point for establishing a resilience posture. It provides a tailored framework for organizational needs and excellent guidance for implementing a Business Continuity Management System (BCMS) to address resilience requirements.
A partner standard to ISO22301 is ISO27001, “Information security, cybersecurity, and privacy protection — Information security management systems — Requirements.” When used together, these two standards constitute an integrated management system enabling organizations to effectively address cyberattacks and disruptive events. ISO27001 sets up safeguards for vulnerabilities to prevent successful exploits, while ISO22301 provides plans and procedures for dealing with successful exploits and restoring services in response. In essence, ISO27001 focuses on prevention, whereas ISO22301 focuses on response and recovery.
Maximizing Resilience: How can organizations leverage this?
In today’s business environment, it is crucial for every organization, regardless of size, to establish the capability to maintain business continuity. This is because, at some point, every organization will face disruptive events. The business landscape today is far from the calm environment of over 30 years ago, when few, if any, were digitized. Today’s systems face increased vulnerability due to bad actors, environmental factors, and unanticipated technical failures.
As businesses and their customers increasingly rely on digitized business functions delivered by interconnected systems, the likelihood of technical disruption events also increases. Organizations that do not have business continuity plans are at risk of significant losses during and after a disruption, and they may lose valuable customer loyalty.
Embracing Resilience for a Stronger Future
Organizations can protect themselves and their customers from disruptive events by establishing an encompassing business continuity (resilience) strategy. The ISO22301 standard is an excellent starting point.
Who can help?
Partner with NEOS Advisory, a top business resilience and continuity solutions provider. We specialize in turning challenges into opportunities for growth and success - even when the world goes dark.