Thursday 6th December 2018, the UK got slightly quieter than normal and not in a good way as the telephone provider O2 lost their ability to provide a working mobile data network. News started to spread across the network that issues where arise and the social media scenes where full of people complaining that they couldn’t access the network.
Initially O2 were fairly quiet, I’m assuming they were scrambling to try and work out what was the root cause of the problem, however after a while they mentioned that the issue was down to a third-party supplier.
As time went on it transpired that the third-party was in fact Erricson and that the cause of the problems and that it was down to a digital certificate which had expired.
Mobile technology is a common place and customers of mobile providers expect that their service is always going to be available, however when things go wrong it can go badly wrong quickly. As in the O2 incident it was found that it wasn’t just consumers who were affected, but digital bus timetables and payment terminals were also affected.
Businesses should always consider risks when building systems, whether this is adding double or even triple redundancy into systems there should be minimal risk of losing entire systems. When production systems are in place, appropriate monitoring of systems should be performed to ensure that “assets”, like the digital certificates are not going to expire unexpectedly. When monitoring systems, core systems and processes should be monitored and alerted upon when certain thresholds are passed, for example, cpu, memory, disk, power, internet connection.
When TeraByte are talking to our customers, whether new or old, we are always talking about risk and the supply chain, it is often a surprise to a lot of businesses when we talk to them about how often have they assessed their suppliers? Do they know how their suppliers store and manage their personal data? Do they know where the data is being stored? How to they manage their own risk? These are all valid questions and should form part of your own business supplier checks.
What happens if you haven’t checked your supplier? Its not a problem, its never to late to start, perform simple checks, ask them the above questions and more and see what reply you get from them. Check their websites, some larger companies have sections dedicated to security and maintenance of your data.
One certification TeraByte promote is Cyber Essentials with the IASME governance. This governance is based upon Cyber Essentials, however it focuses on risk, and talks about supply chain checks, business continuity and disaster recovery. If you, as a business, are serious about ensuring your business is doing all it can, I’d highly recommend undertaking Cyber Essentials with IASME governance.
If your interested come and talk to TeraByte for more information.
Tel: 01325 628587