The Banking Executive Magazine - August 2024 Issue

Towards a Universal Ecosystem Windows crashed because of the faulty way a code update issued by CrowdStrike is interacting with Win- dows. CrowdStrike, a multibillion-dollar firm, has expanded its footprint around the world in its more than decade of doing business. Many more businesses and governments are now protected from cyberthreats because of this, but the dominance of a handful of firms in the anti-virus and threat-detection marketplace creates its own risks, according to ex- perts. Experts argued that without diversity of cybersecurity providers there is fragility in technology ecosystem. Winning in the marketplace can ag- gregate risk, and then all consumers and companies alike bear the costs. BLAMING THE EU REGULATION Microsoft stated that the European Union (EU) is to blame for the world's biggest IT outage following a faulty security update. The 2009 an- titrust agreement with the European Union forced Microsoft to sustain low-level kernel access to third-party developers. The 2009 agreement in- sisted on by the European Commis- sion meant that Microsoft could not make security changes that would have blocked the update from cyber- security firm Crowdstrike that caused an estimated 8.5 million computers to fail. GENERAL CAUSES OF IT CRASH IT crashes can be caused by a variety of factors, including both hardware and software issues. Common causes include: • Hardware issues such as failure of Random Access Memory (RAM) or Hard Disk, overheating and weak or fluctuating power supply • Software issues such as buggy or corrupt device drivers, operating system bugs, and third-party Soft- ware that are poorly designed. • Other causes may include virus or malware. Malicious software can disrupt normal operations and cause crashes. Invalid Memory Ac- cess from programs trying to access forbidden memory locations can cause crashes. Buffer Overflow and overwriting memory can lead to crashes. Unhandled exceptions including errors that the system or application cannot handle can cause crashes. STRATEGIES TO PREVENT FUTURE GLOBAL IT OUTAGE Building resilience is essential. Busi- nesses and governments need to understand their exposures. Crowd- Strike and Microsoft are both rep- utable. But whenever an organisation is too reliant on an individual provider, there is always a risk, how- ever small, of failures hitting its wider processes. Once vulnerabilities are mapped, or- ganisations need to build redun- dancy into their operations and develop contingency plans to ensure critical functions can still work in the worst-case scenarios. This includes diversifying their IT infrastructure by having more than one cyber security, operating system, or cloud provider. Closer collaboration between the public and private sector is essential. Businesses benefit from accessing se- cure digital networks, as well as the public services that rely on them. This means there should be a com- mon interest in sharing information on breaches, vulnerabilities, and stress tests. The cost of switching be- tween IT providers, interoperability, and the ability of new entrants to compete also needs effective moni- toring. But co-operation between regulators and tech firms is important to ensure any regulations are tar- geted, and do not stifle innovation. Single points of failure also lurk more broadly in our globalised and highly networked economies. The pan- demic highlighted how many busi- nesses had become over-reliant on China-linked supply chains that sup- ported their uber efficient just in time delivery models. The logic of mapping, contingency building, and collaborating holds for mitigating most concentrated risks. Building resilience into physical and digital economic systems is essential, and should not be postponed. This will come at a cost, but will bring the benefit of insuring against even cost- lier threats. General strategies to prevent IT crashes include: • Ensuring hardware reliability: by using quality components and high-quality and reliable hardware to minimize failure rates, imple- menting redundant systems such as RAID for storage, backup power supplies to ensure continuity in case of hardware failure, and con- ducting scheduling regular mainte- nance checks to identify and replace failing components. • Ensuring software stability: by exe- cuting regular updates thus keep- ing all software, including operating systems and applica- tions, up to date with the latest patches and updates, and conduct- ing compatibility testing to test new software and updates in a controlled environment before de- ploying them widely, and choosing reliable software that are well-re- viewed and compatible to avoid conflicts and crashes. • Adopting various security meas- ures: this involves using antivirus and anti-Malware to protect against malicious attacks, using firewalls and intrusion detection systems to prevent unauthorized access, and conducting regular se- curity audits to identify and ad- dress vulnerabilities. • Conducting monitoring and diag- nostics tools to continuously mon- itor system performance and detect issues early, regularly reviewing system logs to identify potential problems before they cause crashes, and conducting stress test- ISSUE 188 AUGUST 2024 the BANKING EXECUTIVE 11