Planes grounded across the world, hospitals forced to cancel operations, thousands of businesses disrupted. Comparisons to the pandemic or a doomsday movie are easy, but the reality of the situation has left many feeling a little fragile. 

‍

A buggy update by cybersecurity provider CrowdStrike to its Falcon product led to the blue screen of death for many Microsoft machines around the world - Crowdstrike’s products are used by over almost 60% of Fortune 500 companies.

‍

Questions are naturally raised over whether these incidents can be avoided for other enterprise companies. And the answer is, well, yes. 

‍

How Enterprises Can Avoid a Similar Fate to CrowdStrike

‍

The CrowdStrike Falcon incident highlights several organisational vulnerabilities that allowed the defective update to cause widespread disruption. Typically, organisations have complex IT infrastructures with interconnected systems and dependencies. This makes them susceptible to cascading failures when a critical component is compromised. 

‍

Additionally, the nature of siloed organisational structures often exacerbates these risks. In many cases, cybersecurity, IT infrastructure and Change Management teams operate independently, with insufficient communication and coordination between them. This lack of integration can result in gaps in monitoring and risk assessment, as the cybersecurity team may not be fully aware of the IT infrastructure's intricacies and vice versa.

‍

How can enterprises anticipate the impact of plausible but severe scenarios, like CrowdStrike’s Falcon update, that impact how a business operates, before they happen? In short, how can we be more proactive and less reactive?

‍

By building a greater understanding of the enterprise from a people, process and technology perspective, its risk dimensions and the intricate dependencies between different realms of data, organisations can take risk-based approaches to maintaining the resilience of their operations.

‍

We’ve seen success in giving enterprise organisations this elevated understanding via digital twins with graph technology, by creating a manifestation of a digital twin in the form of a knowledge graph.

‍

What is a Graph Digital Twin?

‍

A digital twin is a virtual replica of a physical object or system that’s used to simulate, analyse and optimise real-world behaviour and performance. ‍

‍

Its graph instantiation consists of data modelled according to an organising principle, an ontology, that mirrors the entities, relationships and attributes of the actual object or system. This opens up insights into how it operates and how it can be improved – without any risk to the day-to-day business processes.

‍

Mapping the different realms that constitute an organisation’s operational domain provides the foundations for a capability that serves as the perfect platform for numerous important activities: 

‍

• Run scenario modelling exercises,
• Understand risk concentration in the organisation, 
• Investigate the blast radius of incidents,
• Assess the tolerance of your business to outages. 

‍

For example, with graph digital twin technology, an organisation could have a view of what applications underpin its products and services, the servers these products rely on, and the software that supports them. While this would be a very narrow portion of an enterprise digital twin, this alone would allow an organisation to understand the impact of a vulnerability in a particular software, and take a risk-based approach to plan for disaster recovery or necessary testing. 

‍

Graph digital twins foster adaptability and continuous improvement, ultimately supporting the creation of antifragile systems that grow stronger in response to challenges, ensuring long-term operational stability and resilience.

‍

Unleashing the Power of Graph Digital Twins: Essential Use Cases for Enterprises 

‍

Organisations can use digital twins to generate significant value and efficiencies to multiple areas of their business by implementing a spectrum of use cases:

‍

• For major change planning, graph digital twins can be used to build an understanding of the implications of changes to critical systems, as well as the likelihood and downstream impact of disruptions to customers or the organisation. 
  • In the CrowdStrike example, leveraging this, Change Management teams would have been aware of the magnitude of downstream impact that a new release of Falcon would potentially have on the organisation and rectify the release strategy accordingly to reflect the identified risk level.
• Managing risks associated with third-party vendors is essential for operational stability. A digital twin enables the organisation to map and monitor third-party connections within the enterprise, providing visibility to identify and mitigate high-risk relationships to prevent cascading effects on operations in the event of an eventual incident.
• Simulating different scenarios is invaluable for preparedness and strategic business continuity planning. Graph digital twins facilitate detailed what-if scenario modelling by predicting outcomes of potential incidents, testing the effectiveness of different response strategies, and enhancing planning through insights that improve contingency planning and readiness for various scenarios.
• Graph digital twins help identifying and addressing concentrations of risk and prevent catastrophic failures by mapping risk clusters to visualise areas with concentrated risks, continuously assessing risk levels of components to identify potential systemic failures, and implementing strategies to distribute risk more evenly, thereby reducing the impact of any single point of failure.
• Effective incident response and recovery planning are essential for minimising downtime and damage. Digital twins enhance these efforts by providing real-time insights to identify affected areas quickly, guiding response efforts through impact visualisation for efficient resource allocation, and supporting recovery plans by continuously updating to track progress and adjust strategies.
• For regulatory compliance, specifically around operational resilience, digital twins can help organisations identify areas of non-compliance and implement improvements to meet regulatory requirements by offering detailed insights and documentation on the organisation’s current operational domain.
• The Digital Twin provides an at-a-glimpse view of the organisation, that in itself provides valuable insights  for decision making. By mapping out the complex relationships and dependencies within the organisation, leaders can easily understand the overall landscape, quickly assess the state of the organisation and identify issues.

‍

Reimagining Operational Resilience with Graph Digital Twin Tech

‍

Digital twins are being embraced more widely than ever before as businesses learn more about their transformative capabilities.

‍

While historically digital twins have been linked to manufacturing and IoT based industries, we are now seeing adoption across multiple sectors including financial services, energy and utilities.

‍

We implemented a digital twin capability as part of our efforts to reimagine operational resilience for a highly-regulated financial services organisation. 

‍

Thanks to it, our client can now: 

‍

• Harness a digital twin to simulate the impact of various scenarios without shutting down live business services and causing disruption for customers, to accurately model the impact of cyber security, supplier concentration, legacy technology, and disaster risks. For example, the digital twin provided insights on the impact of outages at Ukrainian data centres and offices taken offline during the war.
• Be better able to meet frequent regulator requests, by reducing the time needed to report on global regulations on operational resilience  to a matter of minutes, which previously took months.
• Reduce the risk of tens of millions in fines, by complying with new regulation and strengthening operational resilience as a result of data democratisation and accelerated accessibility.

‍

With a greater understanding of the probability and impact of potential disruptions, the client has greatly mitigated risks, improved the resilience around the products and services it sells and, in turn, improved customer experience. Using the reporting capability the digital twin enables, it can also provide customer confidence in an increasingly competitive market. This has significantly bolstered the organisation's operational resilience in an ever-evolving financial landscape, cementing its position as a leader in the industry while ensuring the utmost reliability and continuity of critical operations.

‍

‍

‍

Reimagine Your Business with a Digital Twin

‍

Digital twins have the potential to revolutionise businesses by helping them to gain a deeper understanding of their operations and make informed decisions.

‍

The technology allows organisations to make more informed decisions without running the risk of reputational or financial costs. 

‍

Had an organisation implemented a graph digital twin, it would have understood the downstream impacts and it would have had the opportunity to mitigate the risks associated with the CrowdStrike Falcon release. By simulating impacts of change requests, mapping dependencies, enhancing incident response, and fostering continuous improvement, graph digital twins provide a comprehensive approach to de-risking software updates. Armed with this knowledge, Change Management teams could, for example, opt for a phased release strategy before a full-scale rollout. 

‍

From the increased understanding to the ability to scenario test operational and technology risks – without disrupting services and resulting in lost revenue – to stopping the release of incomplete products to the market, and even reporting more accurately to regulators, there is an array of benefits from utilising graph digital twin technology.

‍

While a digital twin needs the right foundations, it can reimagine how businesses approach risk and navigate uncertainty.

‍