Many directors had their weekend plans interrupted by the CrowdStrike outage that swept across the world late on Friday afternoon.
Microsoft reported a faulty CrowdStrike update caused disruptions to 8.5 million Windows devices, with a significant number of New Zealand companies caught up in the mayhem.
While businesses are focused on getting systems back online or checking how key stakeholders have been impacted, it’s important they don’t let their guard down when it comes to cyber security.
Hackers thrive in chaos. The CrowdStrike outage is the perfect backdrop to launch a new wave of attacks looking to take advantage of stressed and confused workers.
As directors, you must ensure your teams stay vigilant.
The team at Aura Information Security has put together a number of tips you should focus on this week:
I know many organisations will be entirely focused on righting the ship, but businesses can’t afford to have a lapse in cyber safety. It’s well worth circulating these tips with your executive teams while giving them all the support they need to get through these stressful times.
At the director level, this incident is another good prompt to look at your organisation’s Incident Response or Disaster Recovery Plan, a document that outlines what to do in response to a natural disaster, cyberattack or IT outage.
Technology is a great enabler but with networks and digital supply chains so interconnected, the risk of a domino effect, where one technology outage or issue impacts a much wider group, is very real.
The truth is, most New Zealand organisations don’t have any sort of plan in place, or at least not one that’s updated, recently tested and ready to be put into action. These are the companies that would have found themselves in a particularly vulnerable situation on Friday evening.
In the “fog of war”, a good plan helps guide operational staff to adopt back-up systems or processes in order to keep critical business going. Even reverting to pen and paper can be an effective way to stay operational – so your plan should factor in scenarios of what to do when reliance on IT is not possible.
We don’t know when the next global outage will occur, or when the next cyber incident will impact your business, but with an increasing reliance on digital infrastructure, it’s more likely than not that something similar will occur in the future.
So, for now, I advise all directors to put developing or updating your organisation’s Disaster Recovery or Incident Response Plan at the top of the board agenda. It may make all the difference next time you’re facing a crisis.