Three Steps to Becoming an Adaptive Cyber Resilient Organization
Rick Lemieux – Co-Founder DVMS Institute
CrowdStrike recently reported that a software bug in its quality-control system caused the software update that crashed computers globally last week.
“Due to a bug in the Content Validator, one of the two Template Instances passed validation despite containing problematic content data,” CrowdStrike said in a statement, referring to the failure of an internal quality control mechanism that allowed the problematic data to slip through the company’s safety checks.
CrowdStrike did not say what that content data was or why it was problematic. A “Template Instance” is a set of instructions that guides the software on what threats to look for and how to respond. CrowdStrike said it had added a “new check” to its quality control process to prevent the issue from occurring again.
The extent of the damage from the botched update is still being assessed. On Saturday, Microsoft said about 8.5 million Windows devices had been affected, and the U.S. House of Representatives Homeland Security Committee has asked CrowdStrike CEO George Kurtz to testify.
The financial cost was also starting to come into focus on Wednesday. Insurer Parametrix said U.S. Fortune 500 companies, excluding Microsoft, will face $5.4 billion in losses due to the outage. Malaysia’s digital minister called on CrowdStrike and Microsoft to consider compensating affected companies.
The incident has raised concerns among experts that many organizations are not well-prepared to implement contingency plans when a single point of failure, such as an IT system or a piece of software within it, goes down.
View Your Cyber Business Strategy Through a Cyber Risk Lens
At many companies, the focus on strategic risk has broadened; it is no longer limited to traditional areas such as operational, financial, and compliance risk. Recent cyber incidents and emerging trends suggest that companies should take a broader view of strategic risk and integrate strategic risk analysis into their overall business strategy and planning processes.
Using a strategy-risk approach to cyber risk management supports the idea that digital business value creation requires protection. Anything not appropriately protected has no value because it is open to theft, misuse, or degraded performance.
View Your Cyber Business as a Complex Adaptive System
In the dynamic landscape of the digital world, a cyber business is more than just a collection of interconnected systems; it’s a complex adaptive system. This perspective offers a deeper explanation of the intricate relationships between its various components and their ability to evolve and adapt.
A complex adaptive system is characterized by many interacting agents, each with its own behavior and decision-making capabilities. In the context of a cyber business, these agents can include customers, employees, partners, competitors, and even software applications. Their interactions create emergent properties—unpredictable patterns and behaviors that arise from the system rather than from individual components.
The cyber environment is inherently unstable and subject to constant change. New technologies, market trends, and cyber threats emerge rapidly, forcing businesses to adapt or risk obsolescence. A complex adaptive systems approach recognizes this dynamism and emphasizes the importance of flexibility and resilience.
You can gain several advantages by viewing your cyber business as a complex adaptive system. Firstly, it helps you to identify potential vulnerabilities and risks. Understanding the interconnectedness of components and the culture that underpins it allows for proactive measures to mitigate threats. Secondly, it enables you to foster innovation and creativity. You can unlock new opportunities and stay ahead of the competition by encouraging experimentation and adaptation. Lastly, it promotes a more holistic approach to decision-making, considering the impact of actions on the entire system rather than isolated components.
However, managing a complex adaptive system is challenging. It requires a deep understanding of the system’s dynamics, effective communication, and a willingness to embrace uncertainty. Additionally, it necessitates a cultural shift towards experimentation, learning, and continuous improvement.
Adopting a complex adaptive systems perspective can transform how you perceive and manage your cyber business. By recognizing its components’ intricate interplay and capacity for evolution, you can build a more resilient, adaptable, and successful enterprise in the digital age.
Make Performance, Resilience, and Trust a Top Priority for Your Cyber Business
The digital age has transformed how businesses operate, interact with customers, and manage their assets.
Concurrently, the threat landscape has evolved, with cyberattacks becoming increasingly sophisticated and pervasive. This necessitates a holistic approach to security that prioritizes protection, performance, resilience, and trust.
Cyber performance is the efficiency and effectiveness with which an organization can deliver its digital services while maintaining security. It involves optimizing systems, processes, and technologies to ensure seamless operations. High cyber performance is characterized by minimal downtime, rapid incident response, and continuous service delivery. For instance, a financial institution with robust cyber performance can process transactions swiftly, accurately, and securely, thereby enhancing customer satisfaction and maintaining its competitive edge.
Cyber resilience is an organization’s ability to withstand, adapt to, and recover from cyberattacks. It encompasses various aspects, including identification, prevention, detection, response, and recovery. A resilient organization can minimize the impact of a breach, protect critical assets, and restore normal operations promptly. For example, a healthcare provider with a strong cyber resilience posture can safeguard patient data, maintain critical services, and prevent disruptions to care delivery.
Trust is the cornerstone of digital interactions. It is the confidence that customers, partners, and stakeholders have in an organization’s ability to protect their data and systems. Building and maintaining trust requires transparency, accountability, and consistent performance. Organizations prioritizing trust invest in robust security measures, communicate openly about incidents, and demonstrate a commitment to protecting customer interests. For instance, an e-commerce platform with a strong reputation for trust can attract more customers, increase sales, and build long-term loyalty.
The interplay between cyber performance, resilience, and trust is evident. High performance and resilience contribute to building trust. Conversely, a strong foundation of trust enables organizations to focus on performance and resilience initiatives. Organizations that excel in all three areas gain a competitive advantage, reduce risks, and enhance their overall business performance.
Cyber performance, resilience, and trust are interdependent pillars of a successful digital strategy. By investing in these areas, organizations can mitigate risks, protect their reputation, and create a sustainable competitive advantage. Adopting a proactive approach to cybersecurity, continuously assessing vulnerabilities, and implementing measures to enhance performance, build resilience, and foster trust is imperative.
About the Author
Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute
The DVMS Institute teaches organizations of any size, scale, or complexity an affordable approach to mitigating cyber risk to protect digital business performance, resilience, and trust.
Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.
® DVMS Institute 2024 All Rights Reserved