Modern Organisations and our Reliance on IT

By Callum Gillespie

We were, rather abruptly, reminded of our reliance on IT on July 18th, 2024, when the popular endpoint security provider, CrowdStrike, released a software update that caused more than 8.5 million Microsoft devices to crash with blue screen of death (BSOD) errors.

A potent indicator of just how much of our work and personal life revolves around the use of technology, the bug triggered by the update had far-reaching effects, and the extensive global press response mostly highlighted how widespread the incident was and emphasised its effects on various sectors.

Increasing dependence on IT

Suffice it to say, although less than 1% of Windows devices were affected by the bug, this was more than enough to make the world sit up and pay attention. Banks and stock exchanges around the world lost access to their systems, thousands of flights were cancelled, and – here in the UK – GP and hospital appointments and prescriptions had to be rearranged due to medical staff being unable to access the NHS’s EMIS booking and records system. Whilst difficult to assess with certainty, the economic impact is currently estimated to be around $2 billion USD (£1.54 billion), with some projections as high as tens of billions of dollars.

Today, our reliance on IT has become integral to both the success and sustainability of most modern organisations. The shift towards IT dependency is less a trend and more a fundamental transformation that affects every aspect of business operations.

Top reasons why organisations depend so heavily on IT include:

Enhanced efficiency and productivity – automation tools, fast data analysis, and communication platforms all contribute to organisations’ efficiency and productivity, with many technologies – e.g., Copilot for Microsoft 365 – being specifically created to improve these areas and reduce time spent on repetitive tasks. Overall, the use of technology inside businesses has led to better collaboration, faster decision-making, and improved project outcomes.

Data management and analytics – often referred to as the twenty-first century’s ‘black gold’, organisations today generate and collect vast amounts of data, and IT systems are essential for storing, managing, and analysing this data. Advanced analytics tools provide insights that drive strategic decisions, optimise processes, and enhance customer experiences.

Cyber security – with our increasing reliance on digital systems, cyber security has become a critical concern for almost all organisations. Indeed, cyber security professionals are tasked with the important job of safeguarding sensitive information from cyber threats such as hacking, phishing, and ransomware attacks, and usually utilise digital tooling (as well as expertise and experience) to manage risk, identify and contain vulnerabilities, and ensure compliance with regulatory standards.

Innovation and competitive advantage – undoubtedly, IT is one of the driving forces behind innovation. Emerging technologies such as artificial intelligence (AI), machine learning, blockchain, and the Internet of Things (IoT) are revolutionising industries and helping organisations gain a competitive edge by creating new business models, improving customer engagement, and increasing operational efficiency.

Remote work and flexibility – virtual private networks (VPNs), video conferencing tools, and other cloud computing services have enabled employees to work from home (with up to 98% of UK employees now desiring some form of remote working). The shift to more flexible work models since the COVID-19 pandemic has highlighted the importance of IT when it comes to providing agility and security to workers, as well as ensuring that operations can continue uninterrupted, regardless of physical location.

Customer relationship management – technology has become a crucial aspect of managing customer relationships. Customer Relationship Management (CRM) software helps businesses track interactions, manage sales pipelines, and improve customer service. By centralising customer data, organisations can provide personalised experiences, address issues promptly, and build stronger relationships with their clients.

Cost reduction and budgeting – it’s true that upfront costs for IT infrastructure can be significant; however, the long-term cost savings of investing in IT are often substantial. For example, automation reduces staff costs, cloud computing eliminates the need for physical servers and can offer more flexibility and security, and efficient data management cuts down on storage expenses.

The true power of cyber events 

Of course, our reliance on and use of IT and internet-connected devices is a double-edged sword, offering tremendous benefits while presenting us with unique challenges and risks to mitigate.

Given the scale of the CrowdStrike disruption, the event was a glaring reminder of just how powerful and widespread IT and cyber issues could be if used nefariously by malicious actors. It’s a sobering thought, especially given the aftermath of the event, during which cyber criminals were quick to take advantage of the confusion (many individuals and companies have reported receiving phishing-related campaigns across email, messaging platforms, and voice from threat actors posing as CrowdStrike support staff).

To this end, it’s important that we remember that a similar outage could happen to any of the major players in the IT arena – and indeed to virtually any organisation we can think of. With this in mind, there are critical lessons about the power and impact of cyber events we can learn from the event, including:

  • The widespread impact of cyber events across various sectors and the interconnectivity and dependency of different industries on shared technologies.
  • The vulnerability of critical infrastructure to software glitches. This underscores the importance of robust and resilient IT systems in maintaining essential services.
  • The significant economic risks associated with cyber incidents and the importance of having comprehensive cyber insurance and contingency plans.
  • The need for effective incident response and recovery plans.
  • The critical need for rigorous software testing and validation before deploying updates.
  • The importance of cyber security awareness and training for all users. Understanding potential vulnerabilities and having trained personnel ready to respond to cyber incidents can mitigate the impact of such events.
  • The importance of transparent communication and timely updates during a cyber event.

Putting robust contingency plans in place

As we can see, robust contingency planning and proactive risk management are essential for minimising the impact of IT disruptions and ensuring business continuity. Putting plans in place, either with internal teams or an IT consultancy service provider, means organisations have a clearly defined plan ready to enable rapid and decisive action in the event IT systems fail.

At Littlefish, for example, we undertake cyber crisis tabletop exercises with our customers, to help them identify different risk scenarios and prepare for them. This activity also allows organisations to evaluate whether the incident response plan currently in place works effectively in the event of a cyber incident.

It might also help organisations to put in place a ‘Critical Hour Framework’ (CHF) – that is, a defined and agreed-upon playbook of actions designed to be undertaken within the first hour of a cyber incident taking place to minimise disruption and contain any threats.

As well as this type of immediate response and technical remediation action planning, it’s important for organisations to have contingency plans in place covering:

  • Manual recovery processes: for affected systems, especially those in critical sectors, manual recovery processes are essential. This involves steps such as rebooting systems in safe mode, deleting problematic files, and restoring systems from backups.
  • Communication: transparent communication with employees, customers, and partners is vital. People will require regular updates on the status of the incident and the steps being taken to resolve it.
  • Failover systems: failover systems ensure that if primary systems fail, secondary systems can take over with minimal disruption. This could involve geographic distribution of critical infrastructure and data.
  • Disaster recovery: comprehensive disaster recovery plans should outline the steps to take in various outage scenarios. This includes detailed procedures for data recovery, system restoration, and alternative operational workflows.
  • Cyber insurance: organisations should review their cyber insurance policies to ensure coverage includes non-malicious events like software glitches.
  • Regular testing: conducting regular disaster recovery drills and testing backup systems ensures that all stakeholders are familiar with the procedures and that the systems function as expected under stress.
  • Vendor risk management: assessing the risks associated with third-party vendors and establishing strong contractual agreements can help mitigate the impact of vendor-related incidents.
  • Legacy systems: addressing technical debt by updating and maintaining systems reduces the risk of vulnerabilities and improves the overall resilience of IT infrastructure.
  • Root cause analysis: conducting thorough root cause analyses after incidents helps identify the underlying issues and prevents recurrence.
  • Continuous improvement: organisations should use insights gained from incident reviews to continuously improve their contingency plans. This involves updating procedures, training staff, and enhancing technological solutions based on lessons learned.
