The CrowdStrike Incident Means Companies Must Review Their Cloud Strategies

The global disruption caused by the CrowdStrike software update failure, which led to a global outage of MS Windows systems resulting in 8 million computers crashing and has sent shockwaves through the IT community. The outage brings severe economic consequences, as well as having a widespread impact on the healthcare and airline sectors, as the personal well-being of those affected. 

The CrowdStrike incident affected computers running Microsoft Windows across various sectors, including airlines, banks, retailers, brokerage houses, media companies, and railways. 

The travel sector was notably impacted, with airlines and airports in Germany, France, the Netherlands, the UK, the US, Australia, China, Japan, India, Singapore, and Taiwan facing significant issues with check-in and ticketing systems, leading to flight delays and airport chaos. 

CrowdStrike is used by thousands of the biggest brands and companies around the world. The issue began when an error in the code of their Falcon system, which is designed to prevent cyber attacks, resulted in an error message across millions of Windows 10 PCs, taking out critical systems and IT infrastructure.

For CISOs, the event serves as a stark reminder of the inherent risks associated with over-reliance on a single vendor, particularly in the cloud. The incident, which saw IT systems crashing and displaying the infamous ‘Blue Screen of Death’ exposed the vulnerabilities of heavily cloud-dependent infrastructures.

While grappling to understand and rectify the problems causes bu their own defective work, Crowsdtrike also struggled to communiniacte with end-users::-

  • “Customers are advised to check the support portal for updates. We will also continue to provide the latest information here and on our blog as it’s available. We recommend organisations verify they are communicating with CrowdStrike representatives through official channels." read one statement.
  • “We assure our customers that CrowdStrike is operating normally and this issue does not affect our Falcon platform systems. If your systems are operating normally, there is no impact to their protection if the Falcon sensor is installed,” said another CrowdStrike update.

While the issue is being slowly resolved, it has cerainy  served to demonstrate the potential for catastrophic consequences when a critical security component fails. This has forced CISOs to question the resilience of their cloud environments and explore alternative strategies. In particular, CISOs to revisit and fortify their cloud strategies and implement robust risk management practices, enhancing security measures, and diversifying cloud solutions, organisations can better protect themselves against future disruptions. 

As the cyber security  industry grapples with the implications of this event, the focus must shift towards building resilient, adaptable, and well-tested cloud strategies to navigate an increasingly complex digital landscape. This should include the following:

  • Empower authorised system administrators to fix the problems quickly and effectively: This includes backing up hard disk encryption keys (BitLocker or another third party), as these may be critical for recovery in such instances, as well as using privileged identity management solutions for break-glass emergency situations.
  • Communicate effectively and clearly: Communicate clearly, both internally and externally, on the impacts, status, and progress of your remediation efforts. Enlist marketing and PR to craft that messaging. Stay grounded on the realistic impacts (not the theoretical worst-case scenario), and keep an even tone.
  • Re-evaluate third-party risk strategy:  If a third-party risk management program is overly focused on compliance, you’ll likely miss significant events like this one that impact even compliant vendors. 

Business  leaders can’t afford to ignore assessing their service supplier against multiple risk domains such as business continuity and operational resilience, not just cybersecurity. They also need to map their third-party ecosystem to identify significant concentration risk among vendors, especially those that support critical systems or processes.

  • Use the contract as a risk mitigation tool: Tech leaders along with procurement and legal teams should update language to include new security and risk clauses that assign accountability during disruptive events and clearly outline timeframes for vendors to patch and remediate. 
  • Use such incidents as a basis for implementing measures in contracts and service-level agreements: If vendors push back, you’ll need to consider whether the price you negotiated still makes sense and, possibly, whether to do business with them at all.

CrowdStrike is a $multibillion corporation and will likely survive, but, its commercial reputation and those of services suppliers with a similar degree of responsibilty, simply cannot risk  another incident like this.

Crowdstrike   |   Microsoft   |   CIO   |   BBC   |   Forbes   |   NextGov   |    GBNews 

Image: BigNazik

You Might Also Read: 

Resilience Is Essential To Protecting Critical Infrastructure:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Proposed British Digital Information & Smart Data Bill
Beware The Ghost Stories Of Cyber Space »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Becrypt

Becrypt

Becrypt is a trusted provider of endpoint cybersecurity software solutions. We help the most security conscious organisations to protect their customer, employee and intellectual property data.

Titus

Titus

Titus is a global leader in enterprise-grade data protection solutions.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

Gulf Computer Services Co (GCSC)

Gulf Computer Services Co (GCSC)

Gulf Computer Services is a major player in the field of networking & Communication solutions for emerging industries such as Internet Services and Information Technology in Saudi Arabia.

DeuZert

DeuZert

DeuZert is an accredited German certification body in accordance with ISO/IEC 27001 (Information Security Management).

Cyberarch Consulting

Cyberarch Consulting

Cyberarch is a security-focused consulting firm. We provide services specializing in information security, digital forensics, penetration testing and cyber security training.

S2S Group

S2S Group

S2S Group specialise in the destruction and management of IT assets at the end of the lifecycle.

BotRx

BotRx

BotRx is the only AI-enabled, automated fraud protection technology that allows fast & easy deployment - continually keeping invisible bad bots and agents at bay, so you can rest easy.

Orchestra Group

Orchestra Group

Orchestra Group offer a unique integrated cybersecurity defense platform with proactive security policy management and enforcement orchestration.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

Keysight Technologies

Keysight Technologies

Keysight is dedicated to providing tomorrow’s test technologies today, enabling our customers to connect and secure the world with their innovations.

Interos

Interos

Interos is the operational resilience company — reinventing how companies manage their supply chains and business relationships — through a breakthrough AI SaaS platform.

Rolls-Royce Cybersecurity Technology Research Network

Rolls-Royce Cybersecurity Technology Research Network

Rolls-Royce has partnered with Purdue University and Carnegie Mellon University to create the Rolls-Royce Cybersecurity Technology Research Network.

Intelligent CloudCare

Intelligent CloudCare

Intelligent CloudCare, a division of IPS, is a full IT Services provider serving the needs of SMBs in the metropolitan New York City region.

BluSapphire

BluSapphire

BluSapphire is an industry-first, purpose-built, cloud-native, Hybrid XDR platform powered by AI and big data analytics.

Denodo

Denodo

Denodo transforms the way organizations operate by unifying their data assets in real time and making data ubiquitous and secure to all users and business applications.