The Day the World’s Digital Resilience was Tested - and Failed
Prioritize Digital and Cyber Resilience to Avoid the Next Global IT Outage.??
Over the last few months, we have witnessed several large-scale, digital system failures that had material impacts on our daily lives. From passengers stranded at airports worldwide, to patients unable to access critical hospital care, prescriptions, or even 911 services. Vehicle sales were halted across the U.S., and millions of Americans have had their personal data – including SSN, date of birth, address – stolen, locked down, and shared online.??
The long list of recent IT, cyber, and ransomware incidents will continue to grow in the future. It has never been more apparent that we must urgently work together to ensure that the interconnected digital systems that our world so heavily relies on are ready for when — not if — similar instances happen again.
The time is now for Digital Resilience. IT must work together with industries, across public and private sectors to create a new standard of trust and reliability in our digital systems. There are lessons to learn to deliver cyber resilience.?
Let’s explore the need in the context of the current realities of our digital dependence. Here are examples that reinforce the case for a digitally resilient future:
?
Reality #1: The world is even more dependent on technology than we thought.
?
It’s estimated that more than 5.4 billion people, or roughly 70 percent of the world’s population, use the internet. So, it should be expected that any widespread computer shutdown would cause significant disruptions.
?
But never before have we seen the systems that touch our daily lives impacted so widely and for so long and with such a massive blow to the world economy. According to one insurer’s analysis, one incident will cost Fortune 500 companies more than $5 billion in direct losses. It’s no surprise: a report from Howden found that business interruption is typically the largest cyber insurance cost component of a significant event, accounting for up to 70 percent of all claim costs where a firm is heavily reliant on the availability of critical systems in sectors such as manufacturing and financial service.
?
By highlighting how deeply digitized we have become in almost every aspect of our daily lives, we’ve exposed the need to better protect the web of interconnected services that enable it all. It would be irresponsible for the public and private sectors not to embrace this challenge as a top priority.
?
Reality #2: Human error is inevitable.
?
Human error is often the root cause of major outages. In July 2021, for example, customers were unable to access travel, retail, financial services, and many other websites for about an hour due to a buggy software update.
?
Three months later, the scale of the issue became even more apparent when an error rendered billions of users unable to access social media for hours. A single command issued during routine maintenance unintentionally took down all the connections in a backbone network, causing an outage.
?
Outages can occur due to the “friendly fire” of human error. And that reflects an inescapable truth: The internet’s complexity has exceeded human comprehension, and thus, it is and will always be vulnerable to human mistakes.
Reality #3: An outage is a dress rehearsal for a large-scale cyberattack.
?
Make no mistake: While human error is sometimes responsible for outages, nation-state actors and cyber adversaries await the opportunity to cause chaos. Recent disasters are a chilling cautionary tale about how disruptive and debilitating an attack could be.
?
Nearly ten years ago, the world got a glimpse when a company that manages crucial parts of the internet’s infrastructure was hit with a multi-pronged Distributed Denial of Service (DDoS) attack, rendering popular social media, travel, and entertainment websites inaccessible.
?
Recent outages highlight the same vulnerabilities in one of the broadest and most sophisticated cyber assaults ever against the Federal Government and private sector: the 2019 SolarWinds attack. The campaign by Russian operatives included injecting malicious code into a file later included in SolarWinds’ Orion software updates, which were then unwittingly released to customers.
Reality #4: We need to join forces to become more digitally resilient. As the dust settles around recent global outages, everyone is discussing how to prevent a similar calamity in the future — things like better testing before software updates, taking a phased approach to implementing updates, and more closely examining software quality reassurances from software providers.
These are all good, but when someone asks me how to prevent human error or cyberattacks, I answer: You can’t.
What I mean is that, given the scale, complexity, and intensity of today’s digital world, believing problems can be prevented makes as much sense as thinking the police can stop all crime or the doctors can help proactively prevent all diseases. Plain and simple, human errors and cyberattacks are inevitable.
The conversation shouldn’t just be about outright prevention but instead about fostering resiliency via technologies and processes to limit damage and keep systems running when the worst happens.
The conversation includes everything from disaster scenario planning to adopting a digital twin strategy — active systems that create virtual replicas of computing assets and can be activated on demand like a second brain to avoid downtime when disaster strikes. Organizations need robust technologies that not only help them protect and secure their data but also recover it so they can continue operations and provide essential services during and after an attack.?
The onus can’t be on a single entity either — this is a shared responsibility, and we all need to rise to the occasion. Lawmakers, vendors, and companies - both public and private - must band together and create a game plan to become more digitally resilient as a whole.?
So what’s next?
Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, called for a doubling down on resilience in a recent LinkedIn post: “Whether it’s a technology outage caused by faulty code or a cyberattack caused by Chinese cyber actors, we must expect there to be disruption. We should plan for it, prepare for it, and build our systems and our networks to withstand it as much as possible, as well as train and resource our people to manage through it.”
?
Case in point: one organization that emerged from the recent outage was Tampa-based Chapters Health Systems, a nonprofit with 74 locations and 3,500 staff members. By the end of the day, the company was quickly back to business as usual, thanks to a variety of Plan B measures for resiliency if its computer systems went down.?
How about that? Resiliency works. In the aftermath of a disaster, digital resiliency, rather than the false idol of out-and-out prevention, is what the world needs to work toward—together.
Thinker, Problem Solver, Solutions Developer, Father & Husband, Student of History
2 个月Bipul, well stated. Markets have quickly seen the advantages of data assets but need to understand the full implications. There is risk associated with every asset. It would not be overstated to say that every business is a data business. Enterprises need to protect their data like all critical assets. The CIA is still valid: confidentiality, integrity, and availability. And you have to run your BC tests like you mean it!
CIO?? Digital and Business Transformation Executive ?? Board Member ?? Startup Advisor??Top 10 Women in Retail Technology award recipient??"Rockstar" Women in Digital Award Recipient
2 个月Excellent article Bipul Sinha. Simple and easy to comprehend. I loved the line - Outages are caused by “friendly fire” of human error. And that will always happen. Digital Resilience is a must. Prevention is a myth.
Founder/Product | AI/ML, Data Analytics
2 个月Insightful, and this is just a tiny fire drill compared to the adoption of AI agents and the shift of power dynamics and national security alongside multiple dimensions or long-term macro forces. Bad actors doesn't necessarily have to hack a system to cause chaos and disruption. Are AI agents soon going to be the agents of DDoS, misinformation, chaos, and digital disruption? It may look like sci-fi, but a poisoned foundation model can make all the dependent AI agents evil.
Fintech Enterprise Sales Executive Bridging Culture and Technology | Sales Management | Compliance | SaaS, CaaS Enterprise Solutions | Network Marketing Management | Business Relationship Management |
2 个月This is one of the most, if not "The MOST" Insightful Digital Resilience Analysis I've read this year! Hats Off to you and many thanks for sharing! Ohhh, and could not agree more!