Network Security
Vulnerability Management
Privileged Access Management 
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Although Cyber Security is often seen as technical and maybe even dull, it has many similarities to our day-to-day life. In this blog I call out one of the most important – You Only Know What You’ve Got When Its Gone.
Let me start by putting this statement into context in the current chapter of my personal life.
My World Just Changed
Recently my daughter told me that she didn’t want to hold my hand as we were nearing her school. When we were walking to school but not in the immediate vicinity, hand holding was fine. In fact, she was happy even. But the new rule was clear: not near the gates. Not when there was a chance her friends and peers may see.
Note – In writing this, I have made the judgement that not many primary school children are reading cyber security articles!
Let me put this into context, I’ve been here before with my older children, so I knew this moment was coming.
And yet, in the moment my daughter very gently and kindly delivered the news to me, I felt something shift quietly inside me. It wasn’t grief exactly more of a recognition that a small, ordinary thing I had taken completely for granted was beginning to fade and I hadn’t ever stopped to appreciate it fully while I had it.
And to be frank, that’s the nature of things we depend upon. We don’t value them until they’re no longer there. I knew this moment was coming, of course it was!
The Internet Is the Same
Think about what you did yesterday morning. I imagine at some point you checked emails, joined a call, logged into an application or platform, maybe even placed an online order or approved a payment.
Every single one of those actions rested on an assumption that is so fundamental you didn’t even make it consciously. And that is, that you assumed technology would work.
Most days, it does and because it does, you never think about it.
Think back to the 19th of July 2024. This is the day when CrowdStrike pushed a faulty software update and an estimated 8.5 million Windows devices went offline simultaneously. Airlines couldn’t board passengers, Hospitals reverted to paper, Banks went dark even some broadcasters went off air. Businesses that had never once considered themselves reliant on a single piece of software discovered, in the space of an hour, just how wrong they were.
Fortunately, the world didn’t end! But for a few hours, vast parts of it became completely helpless.
That is what dependency looks like when the thing we depend upon disappears.
We Assume Continuity
The reason this catches organisations off guard isn’t negligence, at least not always. It’s something more human than that.
We are wired to assume that what has always been available will continue to be available. Whether that’s the lights coming on, the tap running or even that the internet will be available.
Psychologists call this normalcy bias. The tendency to underestimate the likelihood of disruption because disruption has not happened to us yet and in business, this bias is expensive.
When I worked as a cyber detective, I saw it repeatedly. Organisations that had never suffered a serious incident genuinely believed they were prepared. They hadn’t tested their resilience and, in some cases, had no right to be thinking that way, but because nothing had gone wrong so far, they felt like they were ready.
The absence of failure had been mistaken for the presence of readiness. In hindsight it was clear to these organisations they are not the same thing, but hindsight is too late.
Your Business Is More Fragile Than You Think
Consider for a moment what your organisation cannot do without its technology functioning. Not the things that become harder but the things that simply become impossible.
Whether that be taking orders, communicating with suppliers, serving customers, accessing data such as contracts, processing financial records or patient data and even paying staff.
Most businesses today are built upon technology and are dependent upon it. Yet very few leadership teams have sat down and mapped that dependency honestly. They have not asked which systems are critical, what happens when they fail, or how long the business can sustain operations without them.
CrowdStrike was a software update and not a cyber attack. The fragility it exposed had nothing to do with malicious intent and everything to do with unexamined dependency.
A ransomware attack, a supply chain compromise, a third-party outage, all of these carry the same lesson. If you have not thought about what you depend upon, you will only discover it in the worst possible moment.
My Daughter Will Grow in Independence But Your Business Cannot Afford To
What I feel watching my daughter grow is huge pride as she becomes her own person. Her independence is healthy and right and something that brings me immense joy.
Digital dependency in business works differently, you do not grow out of it. You can’t because it just deepens with every new tool, cloud migration and every automated process adding further layers.
The question is not whether your business depends on technology, because it likely does. The question is whether your leadership understands that dependency and has made conscious defensible decisions about how to protect it.
That means knowing which systems are critical and testing what happens when they fail. And more than that, having an action plan in case of technology failure that does not rely entirely on the IT team being available and fully functional at two in the morning.
The key ingredient here is making sure the people who lead the organisation and not just those who manage the infrastructure, understand what is at stake.
The Challenge
The hand holding will stop, that is inevitable. I knew it was coming; I had experienced this moment before with my older children, I didn’t expect to be holding hands with my children when they were adults!
You don’t know when a cyber attack is coming, it may never happen.
Map your critical dependencies this quarter and pressure test your assumptions. Ask the question your board has been quietly avoiding: if our core systems went offline tomorrow morning, what would we actually do?
Because the organisations that cannot answer that question are not secure. They are simply lucky. And luck, as CrowdStrike reminded eight and a half million devices in a single morning, has a habit of running out without warning.
If you liked this article, follow us on LinkedIn, Reddit, X, Facebook, and Youtube.
