The cyberquake

There is a need to redefine cyber-strategy amid global IT turbulence


A significant and disruptive shift is happening in the global IT sector due to escalating cyber threats and rapid technological advancements. This highlights the need for businesses and organisations to adapt their strategies in response to the growing frequency and severity of cyberattacks, the rapid advancement of technology, and the increasing complexity of the digital environment. IT outages necessitate resilience to prevent significant operational disruptions and potential business failure. The global IT infrastructure landscape is increasingly strained due to a surge in cyber threats, such as ransomware and data breaches. Additionally, distributed denial of service (DDoS) attacks, technological failures—including software bugs, system outages, and hardware malfunctions—along with natural disasters and geopolitical conflicts, are contributing to a volatile and challenging environment for IT systems.

Microsoft has encountered significant global IT turbulence in recent years, evidenced by notable service disruptions and security breaches. Key incidents include the Azure outage in September 2020 (non-PITA), which disrupted a range of services, including virtual machines and databases, and affected numerous businesses worldwide. This incident highlighted the importance of continuous improvement in configuration management, resilience, and effective communication during outages, reinforcing the need for robust incident management processes that address and resolve issues swiftly. The Microsoft 365 service disruption in March 2021 resulted from DNS misconfigurations and network issues. These outages led to widespread service interruptions and affected numerous businesses worldwide. As of 2024, Microsoft continues to struggle with serious issues, including recurring system failures and unresolved security vulnerabilities. A critical IT failure that caused extensive global turbulence, characterised as the most severe in history, impacted aviation operations, healthcare systems, and various business functions. The incident was precipitated by a malfunctioning software update affecting Microsoft’s Windows operating system, traced to CrowdStrike, a US-based cybersecurity firm. The failure resulted in widespread cancellations of flights and medical appointments, disruption of payroll systems, and the suspension of television broadcasts. The update triggered numerous instances of the “blue screen of death” and affected approximately 8.5 million Windows devices. The financial repercussions of this outage are projected to surpass $1 billion.

These persistent patterns highlight the need for improved risk management and more proactive measures to prevent and mitigate such issues. Many incidents throughout history underline the need for vigilance, resilience, and proactive measures. In December 2013, the PITA case of the Target data breach saw malware, introduced via compromised third-party vendor credentials, exploit weaknesses in Target’s security. This caused significant operational disruptions, an increased risk of identity theft for customers, and severe reputational damage. The financial fallout included over $200 million in legal fees and remediation costs, and a temporary drop in sales and stock price. This event highlighted the necessity for enhanced incident response strategies and clear customer communication to address trust and reputational issues.

In the 2017 backdoor exploit incident, the Shadow Brokers leaked EternalBlue, a zero-day exploit developed by the NSA that targeted a vulnerability in Microsoft’s SMB protocol. The exploit was used in the WannaCry ransomware attack, a rapidly spreading piece of malware that encrypted files and demanded ransom payments, causing widespread disruption across numerous organisations globally. The incident underscored the critical need for timely patch management, effective cybersecurity defences, and proactive threat intelligence to guard against sophisticated exploits and ransomware attacks.


In October 2020, a suspected cyberattack targeted the power grid infrastructure in Mumbai, India. The attack was believed to have been carried out by a state-sponsored group using sophisticated malware to infiltrate the power control systems. It led to a significant power outage, disrupting daily life, affecting transportation systems, and halting business operations in Mumbai. The attack exposed the vulnerabilities in critical infrastructure and the potential for cyber warfare to cause large-scale disruptions. It also underscored the urgent need to strengthen cybersecurity measures in critical infrastructure sectors, implement robust incident response strategies, and enhance cooperation between government agencies and private sector entities to safeguard against cyber threats.

Before the Microsoft incident, many other attacks demonstrated the potential to pose significant future threats to the CIA, defence, satellite communications, and critical infrastructure like power plants, as well as the threat of data leaks. One example is the 2020 SolarWinds cyberespionage campaign, in which state-sponsored actors, likely Russian, infiltrated SolarWinds’ software development process and injected malicious code into Orion software updates. The compromised updates were distributed to 18,000 customers, including US government agencies and private companies, leading to unauthorised access, data exfiltration, and operational disruptions. The attack emphasised the need for robust supply chain security, advanced threat detection and response capabilities, and enhanced public-private collaboration for cyber defence. Most such attacks originate from Russia and North Korea and remain future threats to the whole world.

Following are some recommendations to prevent future incidents:

Develop and enforce global interoperability standards for IT systems to ensure seamless integration and failover capabilities across different platforms and vendors.

Build proactive threat intelligence systems that use AI or machine learning to predict IT outages caused by cyberattacks and system failures.

Conduct regular resilience tests such as simulated cyber-attacks and disaster-recovery exercises to ensure systems are prepared for real-world IT disruptions.

Promote international cooperation and information sharing among governments, private companies, and cybersecurity organisations, using incentives such as hackathon competition prizes or job offers in return for strengthening collective defences against IT outages.

Every state should establish a computer emergency response team that is activated first and leads the initial response to incidents.

Support the creation of comprehensive regulations that require minimum resilience standards for critical IT infrastructure, ensuring essential services remain operational during outages.

Initiate public awareness campaigns to educate businesses and individuals about best practices for IT security and outage preparedness.

These incidents and recommendations should be taken into serious consideration. Microsoft needs to enhance its infrastructure and incident response strategies to prevent future outages. The world must recognise the severity of past incidents and should adopt the NIST cybersecurity framework to ensure resilience and safeguard against potential disruptions. Otherwise, these threats collectively pose significant risks to the stability and functionality of a state’s critical infrastructure.


The writer is a freelance contributor
