Last week the Federal Aviation Administration (FAA) announced a nationwide ground stop of all flights. Approximately 9,000 flights were delayed, and over 1,000 flights were canceled. The reason why? The NOTAM system (short for Notice to All Air Missions), which is designed to provide real-time information to pilots and air traffic controllers with critical information before takeoff, was down. This system is designed to alert you of such things as runway hazards or unsafe weather conditions and is therefore critical to safety.
According to reports, it was during routine maintenance that an engineer replaced one file with another. Unaware that the replacement had been made with a corrupted file, a cascade of failures then followed. A complete reboot was needed.
This was not an attack, and it was not intentional sabotage by an individual. Simply put, it was human error. Could it have been prevented? We’ll likely never know. The point of mentioning this news is to show that one simple human decision can take down an entire industry.
It was acknowledged that the system is outdated. And when the error occurred, it seems that there were contractors who did not follow the government’s procedure. Was there a plan in place for such a situation? Did they do regular Security Risk Assessments to address the issues? Was there a contingency plan should anything fail?
These are the questions that every business needs to ask and address in its own strategy and success plan.
To be clear, we realize that this was not a cyberattack. But it was humans, that made (likely) unintentional mistakes, and they were just….being human. They didn’t know it was a corrupted file. They had trust in themselves and the job that they were doing because it was something that they may have done many times before. There wasn’t any reason to assume the file was corrupted.
The point we want to make is that it could have been your office and your employee clicking on a phishing email that looked like a hundred emails that they have seen before. It could have been someone that you hired on a contractor basis. It could have been a phishing email and it could have led to your own shutdown.
Too often we think that we have the right software in place, or the latest hardware installed and we assume these protect us from failure or attack. It isn’t always the cybercriminal lurking ‘out there’ that is the greatest threat to your business.
Train your team to be your strongest defense against cybercrime. It is your best approach to avoid having one person that makes one mistake, which affects your business, your clients, and your reputation. Having a plan in place, ongoing training programs that are mandatory, and tools and resources that change with the threat landscape will offset the risk of your business succumbing to human error.