Strengthening Cyber Resilience: Key Takeaways from a Global IT Outage


In my recent article, 'Finding Peace in Turbulent Times: Lessons from a Journey Interrupted,' I shared how a global IT outage disrupted my plans. If you have not read it yet, you can find it here [https://lnkd.in/et44_hPm].

However, beyond the personal challenges, this outage highlighted critical lessons for us as internal audit professionals and board members. Our role is not just routine oversight; we are the custodians of our organisations' risk management frameworks, a responsibility that cannot be overstated. This incident underscores the vital importance of our contributions. So, what can we learn from this incident to better protect our organisations?


Cybersecurity: A Growing Concern


Cybersecurity risks have long been a focus in audits, challenging IT, risk management, and organisational leaders. The recent IT outage, triggered by a faulty software update from CrowdStrike, brought these concerns into sharp focus. The incident disrupted millions of devices across critical sectors such as airlines and transportation, healthcare, and banking, revealing vulnerabilities in our interconnected digital world.

As we navigate the aftermath, it's more evident than ever that a proactive and comprehensive approach to cybersecurity and IT risk management is not just important but essential. Your proactive approach is crucial in this digital age.


Lessons Learned and Actions Required

  • Thorough Testing Before Deployment - The outage demonstrated the dangers of prioritising speed over thorough testing. Organisations sometimes rush updates without adequate validation in the race to counter evolving cyber threats, leading to significant disruptions. Internal Audit's role in evaluating change management protocols, testing procedures, and risk mitigation strategies is crucial in preventing such incidents.
  • Enhanced Monitoring and Response - Real-time systems monitoring can detect issues early, enabling swift responses and minimising disruptions. Internal Audit should assess the effectiveness of monitoring tools, evaluate incident response plans, and ensure regular drills are conducted to test organisational readiness.
  • Building Redundancy and Resilience - Organisations must design IT infrastructure with redundancy and resilience in mind. Diversifying systems, spreading workloads, and implementing failover mechanisms (systems or procedures designed to automatically switch to a redundant or standby system in case of a failure or abnormal termination of the currently active system) can mitigate the impact of single points of failure. Internal Audit can identify vulnerabilities in IT architecture and recommend measures to bolster resilience.
  • Fostering Collaboration and Communication - Microsoft's collaborative response during the outage—working with customers and other cloud providers—highlighted the value of partnership in crisis management. Internal Audit can facilitate cross-functional collaboration, enhance communication channels between IT and business units, and promote a culture of transparency to ensure effective responses to IT disruptions.


Looking Forward: Strengthening Resilience


Organisations must prioritise the following actions to enhance their resilience to IT risks:

  • Rigorous Testing - Ensure software updates undergo thorough testing and validation.
  • Enhanced Incident Response - Strengthen plans and capabilities to manage IT disruptions effectively.
  • Proactive Monitoring - Improve monitoring and alerting systems to detect and address issues early.
  • Strengthened Resilience - Review and enhance redundancy and resilience measures in IT systems.
  • Collaborative Culture - Promote collaboration and communication across all levels of the organisation.

Internal Audit functions should reassess their priorities, focusing on comprehensive reviews of IT governance, risk management, and cybersecurity frameworks. By aligning audit plans with the lessons learned from this global outage, organisations can better mitigate IT risks, enhance their cybersecurity posture, and safeguard operations in an increasingly volatile digital landscape.



In conclusion, the recent global IT outage is a wake-up call for organisations to re-evaluate their cybersecurity and IT risk management strategies. Proactive measures, robust processes, and effective collaboration are not just best practices—they are essential. The Internal Audit function is central to driving these efforts, helping organisations build more robust defences, fortify IT infrastructure, and ensure business continuity in an era of escalating cyber threats.

Kassira Y.


Note:

  1. These are my thoughts and perspectives. Article assisted by AI for proofreading.
  2. This is my personal profile, and I do not speak on behalf of any affiliated organisations unless specified.


