Contingency planning and crisis communication
The outage also raises important questions about contingency planning and crisis communication. As Microsoft and CrowdStrike scrambled to resolve the issue, their shares fell by 0.8% and 13% respectively by lunchtime in New York, and the impact on operations persisted, with some companies, including Dutch carrier KLM, resorting to manual systems or advising passengers of delays. Organizations must have robust plans in place to manage such crises, including clear communication strategies.
In a crisis, it’s crucial to communicate frequently and transparently with clients. Organizations should share what is happening, the steps being taken to resolve the issue, and how they are supporting their customers and partners. Even if the outage is due to a vendor, as in Microsoft’s case, the organization remains responsible for its users’ experience and must avoid appearing helpless or overly dependent on the vendor.
This happened before with the SolarWinds hack, a big cyber-attack that came to light in late 2020. On that occasion, attackers inserted malicious code into the company’s Orion software updates. This tainted software was then distributed to SolarWinds customers over the ensuing months, compromising thousands of organizations, from Fortune 500 companies to US government agencies.
Clearly, even with a software vendor as trusted as SolarWinds was, risks need to be managed, and no matter how strong your cybersecurity strategy is, there will always be some risk.