If you haven’t heard about the “blue screen of death”, where have you been? Hopefully not stuck at an airport.
In any case, here’s a quick breakdown on what went down: the world experienced a global IT outage last Friday. Thousands of flights were halted, broadcasts were affected, people were stumped. Overall, 8.5 million devices were reported to be affected.
And then, the world figured out that the reason for this huge incident boiled down to one company—CrowdStrike. Basically, what happened was CrowdStrike rolled out a faulty software update.
Of course, there are many industry-specific lessons to be gained here regarding how to better run and operate software. But there are also more general lessons here that most businesses can and should take note of from this whole fiasco.
1. Don’t put all your eggs in one basket
What happened with CrowdStrike is what the IT industry calls a single point of failure (SPOFs). If a SPOF fails, it will stop the entire system from working, creating a technical disaster across industries, functions, and networks.
In a CNBC article, Javad Abed, an assistant professor of information systems at Johns Hopkins Carey Business School, shared, “A single point of failure shouldn’t be able to stop a business, and that is what happened. You can’t rely on only one cybersecurity tool, cybersecurity 101.”
Instead, as startupdaily.net reported, companies should use a multi-cloud strategy whereby they distribute their IT infrastructure across multiple cloud service providers.
This means that if one provider goes down, others can continue to support critical operations.
This could be applicable to all facets of a business. In a world where we’re constantly trying to find the most efficient way to do things, it’s critical to think whether one-stop solutions are really all that reliable.
More generally, this might mean things like backing up your data in multiple avenues instead of just on one computer.
2. Do things in phases
In the CNBC article, Eric O’Neill, a former FBI counterterrorism and counterintelligence operative and cybersecurity expert, shared that CrowdStrike’s update should have been rolled out incrementally.
This is a sentiment echoed by others, such as The Observer, which argued that while regular automated updates of security software are invaluable, there should always be a phased rollout of each update.
This way, problems can be addressed before they become disastrous.
This mindset too could apply to most businesses. Instead of rolling out huge overhauls, changes could be more seamlessly take place if smaller steps are taken.
For example, if the goal is to move towards a work-from-home model, maybe a business could try out a hybrid system first before jumping the gun to ensure all staff members are equipped to truly work from home.
3. Be prepared for the worst
Have you ever heard the saying, “It’s not what happens to you, but how you react to it that matters?”
This sentiment could be applied here, especially when it comes to cyber preparedness.
Specifically, it goes to show that companies and individuals could be a lot more prepared should something in the system fail.
As Peter Avery, vice president of security and compliance at Visual Edge IT, told CNBC, “The bigger picture is how fragile the world is; it’s not just a cyber or technical issue. There are a ton of different phenomena that can cause an outage, like solar flares that can take out our communications and electronics.”
Ensuring that a company and its staff have tools to respond when any sort of outages occur can be critical in managing a dire situation like this.
Preparedness could look like knowing who to contact, how to communicate with stakeholders, and more.
Essentially, companies should think of ways their business can continue to operate even when specific systems fail. What happens if the internet goes out? What if there’s no electricity for a day? What if a staff member falls sick? Contingency plans should be built based on these possibilities.
Spotlighting local talents
A netizen posted to Reddit that they believe a key lesson from this is that corporations shouldn’t rely as much on offshore talent, particular in IT and cyber security matters.
Instead, they should hire quality, local IT as they will be needed during disasters like these. Or perhaps, hiring local might even mitigate these problems.
Businesses who want to tap into Malaysia’s tech talent could refer to platforms such as MYStartup to access local talent pool.
While this situation with CrowdStrike has certainly caused a lot of disruption, we hope businesses are able to learn from it. And if you’re still stranded somewhere due to the flight delays and cancellations… well, good luck.
- Read articles we’ve written about Malaysian startups here.
Featured Image Credit: Vulcan Post