The events of last Wednesday proved that things often do come in threes. The “rule of three” reared its ugly head, as technical failures occurred at three large American organizations: the New York Stock Exchange, United Airlines, and The Wall Street Journal. United Airlines grounded all flights nationwide, wasn't able to conduct background checks of passengers, and left flight attendants handwriting tickets (many of which were not accepted by TSA agents). Then, the NYSE suspended trading for almost four hours, the first time in a decade that trading was halted during regular business hours. The Wall Street Journal's homepage also faced difficulties and was offline for almost an hour.
What caused this poor performance? There was initial speculation about whether the sites had been hacked, but that theory was quickly debunked; even White House press secretary Josh Earnest, at a press briefing, stressed there was no sign of “malicious actors.” The NYSE and UAL blamed their outages on technical issues; the NYSE suffered what it called a “computer glitch,” and the United Airlines cited a faulty router that effectively shut down its network.
But we believe the focus on hacking is too easily cited and too often misplaced. It implies that hacking is an organization’s only concern; when something goes awry….BLAME THE HACKERS! The idea of cyber attackers finding your weaknesses and exploiting them is worrisome, to be sure, but when your own internal systems are not prepared for failures you've internally created, that's the real problem.
As technology becomes a more integral part of business and consumer life, vital and sensitive information is increasingly at risk from both external and internal threats. Look at last year’s data breach at Target that resulted in the theft of 40 million of its customer's credit card information (later on it was revealed that additional personal information, like email and mailing address, had been stolen from between 70 to 110 million people). The hackers were successful, not only because they successfully infiltrated the Target network, but Bloomberg reports the company also ignored key warning signs that it was at risk. Potential vulnerabilities come from not reading, or not being able to read, the signs that your systems aren't working as they should.
The risk of failure has increased as organizations have cobbled together old and new technologies that result in fragile and opaque systems. Being able to look inside applications to see the structural quality of what is being offered allows for early defect detection and visibility into potential risk and vulnerabilities. A detailed system-level analysis may have been helpful for the organizations that were affected by yesterday's technical misfires. And it may help yours at some point.
It's uncertain what the exact loses were from yesterday's technical fiasco - but a fair guess would be a loss in customer confidence and a downturn in stock sales, not to mention a potential loss of billions of dollars in revenue; in one day, the NYSE handles transactions totaling almost $56.7 billion, which translates into an average hourly volume of $8.72 billion. So, that means a theoretical loss of $26.16 billion. Now, of course, many of those trades may have gone to other exchanges….but it begs the question of how much the NYSE itself lost, not to mention the loss to its reputation as an “always-on” exchange.
There is no way to create risk-free technology, but building systems that are responsive to failures and maintaining them with heightened visibility will lessen the chances of businesses losing the battle of protecting their technical assets.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M & A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the targetâ€™s systems, customized quality metrics, and liability implications of open source components - all three that are critical for an M&A due diligence.