By Gaurav Keerthi, Head of Advisory and Emerging Business, Ensign InfoSecurity
In an increasingly digital world, disruptions are inevitable, and recent incidents highlight the impact on everyday lives. A failed software update by CrowdStrike led to device crashes and queues at airports, while a vulnerability in Mobile Guardian’s platform saw Singaporean students lose essential revision notes weeks before exams. Mobile Guardian’s services were terminated by The Ministry of Education. In each instance, we are left asking: can such disruptions be prevented, or is mitigation the real focus?
Digitalisation offers undeniable advantages but brings with it significant risks. Complex systems mean that even minor issues can escalate quickly, leaving end-users—like students, businesses, and consumers—as collateral damage. As reliance on digital infrastructure deepens, we must question not just how to prevent these disruptions but also how to better insulate ourselves against their effects.
Mitigating Disruptions:
1. Minimising impact through resilience planning
A key takeaway from these incidents is the importance of resilience. The CrowdStrike incident highlights that organisations, including schools and enterprises, must have robust contingency plans. High-impact scenarios such as internet outages, data corruption, or hardware crashes require preparedness that goes beyond daily operations. Schools and businesses alike should employ scenario planning and implement safeguards to maintain operational continuity, even if only in a limited capacity.
Practical examples include hybrid setups, fallback systems, and manual controls—a “degraded” mode that keeps essential functions active until full recovery. Take for instance, when I was designing my smart home, I ensured manual light switches were in place as a fail-safe against system malfunctions. Planning for such scenarios reinforces trust and provides assurance that essential services can withstand digital disruptions.
2. The value of backups as a digital safety net
The loss of student notes in the Mobile Guardian breach underlines the critical value of data backups. Data often has irreplaceable value—much more than the hardware it’s stored on. Regular, secure backups are essential for individuals and organisations alike, mitigating risks associated with data loss from hacks or system failures. For individuals, cost-effective solutions such as external drives or cloud backups offer substantial protection. Personally, while I may be a traditionalist, I maintain both a physical and digital backup of my notes, scanning handwritten entries for added assurance. In the digital age, reliable backups are the cornerstone of preparedness.
3. To build or buy? Evaluating outsourced technology
Finally, the decision to outsource or build technology in-house is a fundamental one with far-reaching implications. Outsourcing may reduce costs and accelerate time-to-market, yet it introduces inherent risks tied to third-party vendors. Conversely, developing in-house solutions, though resource-intensive, provides greater control over security. Many governments and large corporations face this dilemma. For instance, Singapore developed its own biometric authentication solution, while other countries opted for commercial vendors.
As Singapore’s Smart Nation initiative evolves, expanding local industry capacity could make domestic “build” options more viable. This option would support a self-sustained technology ecosystem, reducing dependency on foreign providers and contributing to national resilience.
4. Holding vendors accountable
Working with third-party software introduces risks that must be mitigated through diligent vendor selection and stringent contractual obligations. Certifications like Singapore’s Cyber Essentials and Trust Mark help validate a vendor's security maturity, but they don’t ensure immunity from vulnerabilities. Rather, a pragmatic approach includes contractual mandates for continuous monitoring, penetration testing, and regular patching, supported by a responsible disclosure policy. For larger vendors, integrating these measures as requirements within tender processes could encourage better cybersecurity practices.
Adapting to the Digital World’s Inherent Risks
Unfortunately, digital disruptions will persist. Individuals and organisations must understand the associated risks and adapt accordingly. For students affected by the Mobile Guardian incident, this serves as a stark reminder of the importance of backing up data. For businesses hit by the CrowdStrike outage, it’s a lesson in resilience and scenario planning. And for organisations relying on external software, it highlights the need for stringent security evaluations.
As we continue to integrate digital technologies into our daily lives, embracing these lessons will help us mitigate future risks and shield ourselves from the most severe impacts of digital disruptions.