BusinessCantillon

CrowdStrike tech outage: How can we stop the next catastrophe?

Firms must review their contingency and cyber-resilience plans to avoid future major mishaps

The global IT outage disrupted air travel, including in Detroit where many passengers were stuck in the airport terminal building due to flight cancellations. Photograph: Joe Raedle/Getty
The global IT outage disrupted air travel, including in Detroit where many passengers were stuck in the airport terminal building due to flight cancellations. Photograph: Joe Raedle/Getty

The old adage “don’t put all your eggs in one basket” was never more true than last week, when a global IT outage took down a number of large companies and caused widespread chaos.

Flights were cancelled, payments processing went down, health services were hit. The impact was wide-ranging and global.

But as the dust begins to settle, questions are being asked: how could this happen and, more importantly, how could we stop this from happening again?

Business counts the cost of Crowdstrike outageOpens in new window ]

The incident, experts said, was a good example of how a major outage can impact supply chains and how companies need to look at their contingency and cyber-resilience plans to make sure they can continue providing services in the event of a major incident.

READ MORE

Businesses have increasingly turned to outside companies to provide expertise they either don’t have or can’t afford in-house. And with an ever-complex cyber security landscape, it is not surprising that companies such as CrowdStrike have made their mark.

However, last week’s outage showed the downside of that approach. It also provided an unintentional test for anyone who wanted to carry out a cyberattack that caused widespread chaos. If one bad update caused so much disruption, imagine how much a deliberate attack would inflict.

Irish airlines, public transport and NCT hit as Microsoft scrambles to fix global IT outageOpens in new window ]

There is no such thing as perfect cyber security or a zero-risk approach. However, this incident may push more cautious companies to look at how their services are distributed, formulate some resilience plans in case of the worst happening and make some changes.

There are now serious questions for the tech industry to consider, particularly in light of new technologies that are being pushed into the market. If they want people to trust them, they have to earn it – and in some cases, earn it back.