Does your cybersecurity strategy ensure system availability?

Checklist

1. Have we considered mitigation against risks caused by lack of availability, as well as integrity and confidentiality?
2. Do we have contingency plans in place for incidents like the Microsoft outage, and have we tested them?
3. Do we have a communication strategy in place for such incidents, where the solution is not within our control?
4. Do we test updates before releasing them?

4 ways to mitigate risks to system availability

1. Beware of depending heavily on a single large IT vendor…

Larger vendors offer better pricing due to economies of scale and can be attractive due to their expertise. However, over-reliance on one vendor means that any disruption to their service could have a severe impact on the availability of your systems.

2 … but don’t complicate things by over-diversifying

Diversification of vendors, while beneficial in reducing risk, must be managed carefully to avoid the complexity and inefficiency of dealing with too many different systems.

3. Test all updates

As the complexity of your IT systems continues to increase, proper testing before deployment becomes increasingly critical. Instead of blindly implementing updates and patches from your vendors, check whether you can test them before releasing them.

4. Put incident-response plans in place

Put robust plans in place to manage crises, including clear communication strategies. In a crisis, it’s crucial to communicate frequently and transparently with your clients. Share what’s happening, the steps you’re taking to resolve the issue, and how you’re supporting your customers/partners. Even if the outage stems from a vendor, you are responsible for your customers’ experience and must avoid appearing helpless or overly dependent on the vendor.