A Business Analyst's perspective on one of the most significant cyber incidents in history (so far) resulting in global chaos.
Bindu Channaveerappa
During my workshops and training sessions, I highlight the existential risk of technology failures, particularly the unavailability of internet access. Many, however, are unprepared to acknowledge that these scenarios can indeed occur. Like any other risk, when one like this manifest, such incidents become inevitable, and the best we can do is be prepared. Below is an article on how Business Analysts (BAs) can support cybersecurity teams in their endeavour to protect their organisations.
No matter how unlikely it may seem, any risk can manifest, and organisations must be prepared to act if it does. It is a fallacy to assume that certain risks won't happen just because they are documented as potential threats, especially existential ones. Today's global IT outage caused by a bug in CrowdStrike's "Falcon Sensor" software is a prime example of how a seemingly minor issue can escalate into a significant disruption. This incident, which impacted various sectors, from emergency services and healthcare to airlines and supermarkets, emphasises the potential for IT failures to become existential risks. So, how can Business Analysts (BAs) support such cybersecurity initiatives?
BAs play a crucial role in gathering and validating requirements. By identifying all potential impacts and dependencies during the requirements phase, BAs can help prevent issues like the one caused by the faulty update in the Falcon Sensor software. For example, before an antivirus software update is rolled out, a BA can facilitate comprehensive requirement sessions with both technical teams and end-users to ensure all potential scenarios and edge cases are considered.
BAs are adept at identifying and managing risks throughout the project lifecycle. Regular review of software updates and their impact on critical systems can help prevent incidents like the BSOD (Blue Screen Of Death) caused by the Falcon Sensor bug.
Effective stakeholder engagement is a core responsibility of BAs. By maintaining clear and continuous communication with all relevant parties, BAs ensure that everyone is informed about potential changes and their implications by managing expectations and preparing contingency plans in case of an unexpected outage.
BAs can contribute to the development and refinement of incident response plans. By working with cross-functional teams, BAs help create robust processes that outline specific actions to be taken during an IT outage and, in this case, steps for safe mode booting and file deletion, as outlined by CrowdStrike, can expedite recovery efforts during an outage.
Now, after the incident, BAs can facilitate root cause analysis sessions to identify the underlying issues and prevent future occurrences. Their analytical skills and ability to ask probing questions are invaluable in this process to understand how the Falcon Sensor update caused system crashes and develop action items to prevent similar issues in future updates.
BAs continuously seek to improve business processes. By analysing incidents and their impacts, BAs can recommend process improvements that enhance system resilience and reduce downtime. In this case, a probable implementation of a more rigorous testing and approval process for software updates based on lessons learned.
Another supporting hand for fortification
It is essential to acknowledge that this article does not mandate that BAs have all the answers or can prevent every incident. However, BAs can support their teams in fortifying their defences, as security is everyone's responsibility within an organisation. In an era where the impact of weak security can be catastrophic, the collaborative efforts of BAs with cybersecurity teams can significantly strengthen an organisation's overall resilience.
This global IT outage caused by CrowdStrike's software update serves as a stark reminder of the importance of proactive and strategic involvement of Business Analysts in both preventing and managing IT incidents. By leveraging their skills in requirements gathering, risk management, stakeholder engagement, and process improvement, BAs can significantly enhance an organisation's ability to withstand and recover from such disruptions. As the digital landscape continues to evolve, the role of BAs will become even more critical in ensuring seamless and secure IT operations.