The disruption was caused by a flawed update to a cloud-based security software of CrowdStrike, one of the global top cybersecurity companies. The update to the Falcon software triggered a malfunction that disabled parts of the computer systems and software like Microsoft Windows. Three days after the incident, CrowdStrike reported that a significant number of the devices are back online and operational.
As the stories of the disastrous consequences of the incident are making the headlines, there is a major lesson to be learned from the outage: we need to prepare for such incidents in ways that we can maintain the resilience of our businesses and services. Whether caused by the intentional actions of an adversary or the innocent mistakes of well-intentioned actors, businesses and governments need to be resilient to cyberattacks and other cyber failures that can lead to major disruptions of business processes.
The incident highlights the need to shift our perception of cybersecurity from a mere IT issue to the broader concept of cyber resilience as an integral part of business resilience. In the face of a cyberattack, businesses should be able to recover fast from an incident and resume business as usual.
To be cyber resilient, organizations need to first and foremost identify business-critical processes and ensure the continuity of those even during cyber incidents. This has to involve continuous conversations with business leadership to ensure alignment with the overall business strategy while conducting real-time prioritization.
The July outage should also nudge us to think beyond cyber and business resilience and look at the big picture: systemic resilience. As cyber threats become more advanced, businesses increasingly rely on a few sophisticated security software providers. This reliance creates a single point of failure, where a flaw in one system can lead to global cascading effects. Balancing centralized, highly protected architectures with decentralized, lower-impact systems is a difficult challenge.
Advances in cybersecurity can prevent many disruptions, but when adversaries do succeed or accidental cyber failures happen, organizations need to make use of a toolbox of methods to be able to detect, withstand, and recover business-as-usual operations as rapidly as possible.
The World Economic Forum’s Centre for Cybersecurity is collaborating with the University of Oxford’s Global Cyber Security Capacity Centre (GCSCC) on a blueprint (Cyber Resilience Blueprint Initiative) — or compass — to support organizations across industries to advance their cyber resilience. The initiative is bringing together cybersecurity leaders from across the world to develop a common understanding of business cyber resilience and collect and systemize experience on cyber resilience tradecrafts that matter.
As online and cyber infrastructures become ever more complex, interconnected and central to all sectors of business and society, the importance of cyber resilience will only continue to rise.