Global IT outage reveals critical need for business resilience

In the wake of the significant global IT outage last week, industry leaders have highlighted the critical need for businesses to bolster their disaster preparedness and resilience.

The outage, which impacted numerous organisations worldwide on Friday last week, cast a spotlight on the vulnerabilities present in today's interconnected digital infrastructure.

Shane Maher, Managing Director at Intelliworx, a global managed services provider, commented on the broader implications of the incident. "There are so many people affected by this outage and it shows why disaster preparedness is so important. And it’s not just a security or technical issue. This is a business problem that's more about disaster recovery and handling the situation," Maher stated. He emphasised the necessity for businesses to have a robust response plan and to communicate transparently with their customers and stakeholders. "Businesses should have a plan for these kinds of situations because they can happen anytime. And they should communicate clearly and honestly with their customers and stakeholders when they do."

Simultaneously, recent research from SecurityScorecard, in collaboration with McKinsey & Company, has shed light on the concentration risks within the global IT landscape. Dr. Aleksandr Yampolskiy, CEO of SecurityScorecard, noted, “Our research shows that 62% of the global external attack surface is concentrated in the products and services of just 15 companies.” He highlighted the implications of this concentration, associating it with potential systemic risks. "An outage is just another form of a security incident. Antifragility in these situations comes from not putting all your eggs in one basket. You need to have diverse systems, know where your single points of failure are, and proactively stress-test through tabletop exercises and simulations of outages," Yampolskiy advised.

He also underscored the importance of understanding supply chains. “Knowing Your Supply Chain (KYSC) is becoming an increasingly important component of cyber resilience. By operationalising data on vendors and third parties, companies can build resilience against disruptions,” stated Yampolskiy. He also called for proactive incident response through continuous updates and prioritisation of vendors based on criticality, ensuring compliance with regulatory mandates such as the Digital Operational Resilience Act (DORA).

Simon Baxter, Principal Analyst at Tech Market View, provided additional insights into the lessons that can be drawn from the incident. "I have seen a lot of posts over the weekend saying that this demonstrates the fragility of depending on a sole company for IT provision and the need to have multiple cloud suppliers. There is some truth in such statements in a broader context, but we should be clear, it has nothing to do with what happened on Friday, this could have happened to any number of technology suppliers," explained Baxter. He highlighted the broader issue of resilience, noting that "the lessons of the pandemic should not be quickly forgotten; supply chains, whether physical or digital, are fragile. Organisations are so reliant on a number of third-party suppliers, that disruption to any one of them can bring operations to a standstill."

The outage serves as a stark reminder of the fragility and systemic risks inherent in the modern digital infrastructure, particularly the concentration in key service providers. The incident has spurred discussions on the need for diversified IT strategies, resilient supply chains, and comprehensive disaster recovery plans, emphasising that preparedness and resilience are not just technical imperatives, but essential business priorities.