The recent CrowdStrike incident sent shockwaves through the global IT landscape, causing widespread disruptions and highlighting the delicate balance between cybersecurity, system stability, and business resiliency.
If your organization was affected by the outage, you’ve likely recovered or are restoring your systems to full normal operations. It’s critical to adhere to the guidelines provided by Microsoft and CrowdStrike to reverse the problematic update and ensure that any vendors or service providers you depend on do the same. While the next disruption may be unpredictable, you can plan ahead to respond effectively.
What Exactly Happened?
On July 19, 2024, a routine content update from CrowdStrike, a leading cybersecurity provider, inadvertently triggered a massive outage affecting millions of Windows computers worldwide. CrowdStrike’s Falcon platform, designed to protect organizations from cyber threats, uses a kernel-level driver to monitor system activities. However, a defect in a recent update caused Windows hosts to crash, resulting in blue screen errors and system failures affecting various industries. This seemingly small change had cascading effects, demonstrating how deeply integrated security software can become a single point of failure for many organizations.
It’s important to note that this was not a cyberattack, but rather an unfortunate technical glitch, and CrowdStrike quickly identified the issue, isolated it, and deployed a fix. However, the process of recovering affected systems proved challenging for many organizations, especially those with large numbers of endpoints.
Preparing for the Next Disruption
This CrowdStrike incident is a stark reminder of the complexities involved in managing modern IT infrastructure and the potential risks associated with widely deployed security solutions. Specifically, the incident brings into sharp focus the often-overlooked domains of third-party risk management, business resiliency, and security architecture. These are not just buzzwords but critical IT capabilities that require urgent attention and action.
Here are some actionable strategies to proactively prepare your organization for the next disruption:
Third-Party Risk Management
- Conduct vendor risk assessments: Regularly evaluate the security posture of third-party vendors through risk assessments and security questionnaires. Continuous monitoring and detailed reporting can help identify and mitigate risks associated with third-party vendors.
- Enhance third-party collaboration: Work closely with third-party vendors to ensure they adhere to robust security practices and are prepared to respond effectively to incidents. This collaboration is crucial for maintaining overall security and compliance.
Business Resiliency
- Develop alternate recovery procedures: Work closely with business functions to identify critical processes and dependencies. This will allow you to develop alternate procedures for maintaining business continuity during and after a cyber or IT incident.
- Test business continuity and disaster recovery plans: Conduct regular tabletop and failover exercises to identify vulnerabilities in the existing resiliency plans. This should include regular testing of backup systems and data recovery procedures.
Security Architecture
- Develop operational technology security architecture blueprints: Within the security architecture review process, ensure OT security requirements and secure-by-design considerations are built into deployments. The goal is that critical OT systems cannot be changed by third parties or external actors except through the controlled channels the organization has established.
- Enhance network segmentation to critical assets: Critical assets identified by the organization should be isolated from the internet and external entities. Updates or maintenance to these assets should go through a more rigorous process to ensure downtime is minimized.
The CrowdStrike incident is more than just a cautionary tale – it’s a directive for proactive change in the way we approach cybersecurity and resiliency programs. While it’s important to enhance your strategy around these domains, IT and business leaders must continue to work closely to identify business risks. This involves considering new threats, various disruption scenarios, and existing IT infrastructure, all while striving to implement best practices for cybersecurity and risk mitigation.
The next disruption may be unpredictable, but being well-prepared can enable your organization to maintain business continuity. To enhance your risk management capabilities and threat readiness, contact CrossCountry Consulting.