NCC Group: Supply Chain Lessons from the Global IT Outage

Mike Maddison, CEO at NCC Group, says the global IT outage has shone a particularly bright light on the challenge of supplier concentration risk

Thousands of businesses and other organisations across the globe saw their operations grind to a halt last week thanks to a defect in a CrowdStrike Falcon content update for Windows hosts.

Airlines, banks, healthcare providers and media broadcasters were among those left scrambling to get their activities back up and running – and many are still feeling the after-effects.

Of course, technology has the potential to go wrong, whether intentionally or due to human error. But what the global IT outage also showed is that disruption at one stage of a supply chain can cause devastating issues throughout, which, in turn, highlights the importance of cyber and digital resilience.

Mike Maddison, CEO at global cybersecurity expert, NCC Group, says the incident shone a particularly bright light on the challenge of supplier concentration risk. 

He explains: “If organisations rely on a small group of suppliers, or even a sole supplier, to deliver a critical service, this can quickly transform into a single point of failure not just for them, but across a particular sector or industry.

“The systemic risk across sectors is a concern that many regulators have and are looking to manage.”

Risk management plans crucial

As demonstrated by the CrowdStrike bug, a single point of failure can wreak widespread havoc. 

In fact, the tangible impact it had on so many organisations around the world also reflects the success CrowdStrike has had in achieving market penetration.

“Thankfully, the events were not due to malicious intent,” Mike continues, “but they do serve as a reminder of the consequences of when technology goes wrong. 

“Unfortunately, the likelihood of malicious cyber activity remains high, particularly in times of geopolitical challenges, so organisations should be prepared to manage both accidental and deliberate disruption.”

It should be emphasised that, as our world becomes increasingly reliant on technology, the complexity of our digital supply chains intensifies. And, as the wider threat landscape continually evolves, organisations have a responsibility to protect themselves appropriately. 

Mike insists crisis management plans must be in place to mitigate disruptive situations, and that the following questions should be asked:

  • Do you have a clear response plan for crisis events? 
  • How often is it rehearsed? 
  • Is everyone, from the board, to your sales team, to your call centre, all clear about their roles and responsibilities? 
  • Are you confident that, while people and resources are diverted in a crisis, you still have enough focus on ensuring everything else is running to plan?

“There’s a balance that can be struck here, however,” adds Mike. “Realistically, organisations cannot prepare for every possible thing that can go wrong.

“Instead, this is about pragmatic risk management, undertaken in a way that is specific to your organisation, the challenges you face and the complexity of your digital infrastructure. 

“It should ensure that, whatever crisis you have, the people, processes and technology are in place to manage it. Being resilient is the ability to come through a crisis – to survive and thrive.”

Understanding the IT supply chain

Alongside the aforementioned preparation, Mike’s take is that organisations must ensure they have a deep understanding of their IT supply chain. 

He asks:

  • Who delivers what, and how? 
  • Is guidance in place in the event of service outage or disruption? 
  • Have you considered what’s in the contract? 
  • Are your teams well versed on how they will manage those stakeholders during a crisis? 
  • Do your suppliers have similar assurance measures in place for their suppliers?

Clearly, considering the full spectrum of supply chain resilience is essential. For example, what would happen if a supplier of critical software was no longer able to supply that software or perform updates? 

Mike goes on: “Protecting the critical source code behind that application by keeping a current copy in escrow can be an effective, proportionate way to manage risk in such cases. 

“Though extreme, complete supplier failure isn’t outside the realm of possibility. And, as we saw, disruption due to software supplier incidents can occur and be hugely disruptive. 

“So, if a critical component of your business relies on software supplied by a third party, this is a relatively simple step that can give you additional peace of mind.”

A full picture is yet to be painted of the IT crash and the extent of the damage caused, but, as more detail comes to light, the widespread hope is that lessons can be learned and, more importantly, shared. 

Mike concludes: “Ultimately, the aim should be to help keep organisations – indeed, wider society – safe and secure. 

“In our increasingly digital world, we must work together to keep pace with the technology risks we all face, day in, day out.”


Supply Chain Digital is a BizClik brand.
