The recent CrowdStrike outage serves as a stark reminder of the vulnerabilities inherent in even the most sophisticated systems, and of the ripple effect across all connected systems. In this article, we outline three important lessons businesses can learn from the outage.


On 19 July 2024, a considerable portion of the world’s computer networks went dark. The cause: a software glitch. CrowdStrike, a leading cybersecurity technology company that provides endpoint security, threat intelligence and cyberattack response services, had pushed a faulty configuration update to its Falcon sensor software. CrowdStrike Falcon is the company’s flagship product, a cloud-based security platform that has been widely recognised for its effectiveness in detecting and preventing cyberattacks.

However, on that fateful day, the configuration update for CrowdStrike Falcon contained an error that caused widespread issues with devices running Microsoft’s Windows operating system, resulting in system crashes and boot loops. This incident had a significant global impact, affecting several industries and causing widespread disruptions. In the Caribbean region, from all reports, the outage caused some disruption, with airports, airlines, banks and insurance companies being among those most affected.

Having said this, it is important to highlight that the outage was not caused by a cyberattack or some external threat actor that breached our defences. The source was a crucial product in many organisations’ security defences that was compromised by its owners, the result of which cascaded throughout the network and was felt around the world. It thus serves as a stark reminder that even the most established cybersecurity firms can experience (and can cause!) significant disruptions.

At the same time, although the impact of this incident was most acute in large enterprises, small businesses can still learn several invaluable lessons from it. We share three.


1. It’s not only about cybersecurity but resiliency

The biggest takeaway from the CrowdStrike outage is the importance of network resiliency and business continuity. Although disruptions will inevitably happen, the focus ought to be on ensuring that they are minimal and that the organisation recovers quickly. Ultimately, a well-prepared business can recover more quickly from disruptions.

In addressing network resilience and business continuity, below are four key steps:

  • Identify critical systems. It is vital to know which systems and processes are essential for your business operations. Do not be general or vague; instead, spend the time to get granular. The more you and your team understand all of the moving parts within the business’s operations, the easier it will be to identify and remedy problems in a targeted way when things go wrong.
  • Create contingency plans. In the Caribbean region, organisations are strongly encouraged to develop continuity and contingency plans typically with natural disasters in mind. However, those plans ought to be expanded to consider digital disruptions that can occur not only when there is a cyberattack but also if equipment or software malfunctions.
  • Test your plan. Noting the saying, “The proof of the pudding is in the eating”, continuity plans should be tested regularly to ensure they remain effective. Similarly, there should be a process to review and update the plans, which should be done not only on a fixed schedule but also when existing systems, equipment and processes are being retired or adjusted, or when new equipment or processes are incorporated into current operations.
  • Effective communication. Although the focus of continuity and resiliency exercises is often on operational matters, internal and external stakeholders are likely to be affected when continuity and resiliency plans must be activated. Cognisant of the calls for greater transparency and accountability by organisations, ensuring effective communication during and in the aftermath of a disruption or crisis should also be a priority, and should be part of the continuity and resiliency plans.


2. A robust cybersecurity strategy is still important

As previously stated, the CrowdStrike outage was not due to a cyberattack, but the disruption to its Falcon sensor software caused organisations to become more vulnerable to such incidents. Although cybersecurity ought to be addressed as part of an organisation’s resiliency and business continuity frameworks, it still merits mention, especially since small businesses are often prime targets for cyberattacks due to their perceived lack of robust security measures. Here are some measures that can be implemented.

  • Diversify your security stack. First, don’t put all your eggs in one basket. Relying solely on one security solution can leave you vulnerable. Consider implementing a layered approach with multiple security tools, which has been recommended by several security experts during our Expert Insights series.
  • Conduct regular backups. Though this point is a no-brainer, it is worth repeating. Regular backups of your data are essential. They can be a lifesaver in case of system failures or cyberattacks.
  • Invest in employee training. Your employees are not only your organisation’s first line of defence, they are also the most vulnerable entry point into your organisation’s network. Ensure they understand the basics of cybersecurity, such as recognising phishing attempts and creating strong passwords, as well as the procedures that ought to be followed to keep key systems and operations safe.


3. Regardless of your organisation’s size, manage your vendors

Vendor management is an area that small businesses tend to overlook, believing that only large corporations and enterprises have the clout to do so. However, smaller businesses may be more adversely affected by a disruption than enterprises, which suggests they could benefit from managing their vendor relationships more proactively. Consider these points to manage vendors effectively:

  • Conduct due diligence. Conducting comprehensive due diligence is time-consuming and it is easy to gloss over the details or use the most popular choice. However, it is crucial to research your vendors thoroughly and to do so against your organisation’s requirements. It is also important to know their security practices and disaster recovery plans and the ways in which they could (or intend to) mitigate the impact of adverse situations on their customers.
  • Carefully examine service level agreements. A service level agreement (SLA) is where the terms, conditions and obligations that the vendor is offering, and to which the customer is agreeing, are documented. Carefully review the SLAs and ensure that service levels and the organisation’s expectations are clearly defined.
  • Conduct regular risk assessments. Risk assessment exercises ought to be part of an organisation’s network resilience and business continuity exercises. Specifically regarding vendors, it is important to regularly assess the potential risks associated with your vendor relationships. Again, although such exercises could be scheduled, they could also be triggered if a vendor makes an upgrade or wishes to change the SLAs, or if the organisation needs to adjust its systems or operations. Ultimately, vendor relationships are not static, and they ought to be monitored to ensure they fully and truly work for the business.


Though it is hoped that there will not be a repeat of the CrowdStrike outage, the truth of the matter is that disruptions are inevitable. Thus, the focus should not be solely on prevention but also on resiliency: ensuring that organisations are better prepared to bounce back quickly with minimal loss.
