PETALING JAYA: A recent unprecedented global tech crisis triggered by a faulty update from cybersecurity firm CrowdStrike serves as a stark reminder for businesses and providers of essential services about the need for a robust backup system, say experts

.They said the outage also raised concerns about whether such incidents could originate not only from a genuinely accidental glitch, such as that caused by CrowdStrike, but also from a calculated move by bad actors.

Ramesh Naidu, chief operating officer of cyber security provider Vigilant Asia, said business operators must have a backup plan, such as alternate technology or multi-cloud providers, to minimise the impact of glitches.

“What if such situations in the future are not the result of an error but a deliberate move by a threat actor?

“Companies must regularly simulate digital disaster scenarios to understand the real impact of such a glitch and always have an alternative system to fall back on.

“The impact from CrowdStrike’s faulty update to businesses was from the supply chain. They used it to protect their endpoints, but it ultimately crashed their systems.

“Because we extensively run our businesses from computers in this era, it caused significant issues. Any supply chain errors can also impact ewallets and payment transactions,” said Ramesh.

Cybersecurity specialist Fong Choong Fook said an effective way of ensuring that the operations of a business are not disrupted is to regularly review and carry out drills relating to a company’s disaster recovery plan.

He said the CrowdStrike incident revealed the fragility and vulnerability of the digital ecosystem, which could lead to major issues for businesses.

“We are too dependent on a single technology, which increases the risk of failure. If we install the same software on all our digital infrastructure and a glitch occurs, the entire operation is affected.“Businesses need to have a plan to overcome the worst and resume their operations,” he said.

Fong said there are IT protocols such as diversity of risk management, where different software brands are utilised for different functions in a company to ensure business continuity in case the system of a particular brand fails.

Network security and forensics specialist Asst Prof Dr Vinesha Selvarajah of Asia Pacific University of Technology and Innovation said the CrowdStrike outage showed that potential vulnerabilities and disruptions can exist in digital infrastructure even with leading cybersecurity providers.

She said any organisation or business that relied heavily on digital and cloud-based solutions should have a backup plan.

While technology promotes convenience, it also proves that a single point of failure could render many systems inaccessible, including the function of digital payments or ewallets, she noted.

She said accepting cash as an alternative payment ensures the continuity of transactions and maintains business continuity.

“We should be prepared with alternative measures. We could consider offline payment solutions at the point-of-sale system, which operates without Internet connectivity and synchronises once the connection is restored.

“Always revert to manual processing, which works the best. If cash is not the way to go, then we must conduct regular testing and drills of backup systems to ensure an effective recovery plan during disruptions,” Prof Vinesha said.

Certified fraud examiner Raymon Ram, who manages cybersecurity governance and data privacy frameworks for companies, said while digital payments offer convenience and efficiency, cash remains a universally accepted and reliable mode of payment.

He said ensuring the availability of cash transactions is crucial for maintaining operational resilience and providing consumers with alternative payment options during digital outages.

“Businesses must diversify their payment acceptance methods, including cash, credit or debit cards, and multiple ewallets, as it reduces dependency on a single system,” he added.

The CrowdStrike tech meltdown, seemingly a routine update meant to enhance security, affected millions of businesses and critical infrastructure worldwide.