Introduction
In a world where technology is more critical than ever, last week’s CrowdStrike incident serves as a stark reminder of the vulnerabilities that can impact us all.
Understandably, a lot of businesses are concerned and have questions about what they should do next to stay protected.
So today, we’re taking a closer look at what happened, the implications, and how you can prepare your business against similar disruptions in future.
What was the CrowdStrike incident?
It’s almost impossible to have missed the news about the widespread outages caused on July 19th, when numerous computer systems globally began crashing.
This significant disruption stemmed from a defective update in CrowdStrike’s Falcon platform, a popular cybersecurity software used by over half of the Fortune 500 companies, as well as businesses and organisations across the world. The faulty update triggered a Blue Screen of Death (BSOD) and reboot loops on Windows devices, affecting an estimated 8.5 million devices and causing severe disruption across various sectors, including airlines and hospitals.
What was the impact?
This incident is one of the largest global IT disruptions in recent memory and almost everyone was either directly affected or knows someone who was.
The incident was so severe that it triggered government emergency meetings and led to CrowdStrike’s CEO testifying before the US Congress. It also created opportunities for scammers and cybercriminals to take advantage of the chaos.
The financial toll was monumental, with direct losses for Fortune 500 companies estimated at around £4.1 billion.
What do we know about how this happened?
An investigation revealed that the incident was due to a “bug” during an update to CrowdStrike’s Falcon Sensor product, which is designed to prevent breaches through their cloud-delivered technology. An update to this Falcon product caused a Windows operating system crash or a blue screen of death (BSOD).
In simple terms, this means we’re talking about a bug rather than a full cyber attack, as was initially assumed when the issue started. Not that this helps all of the people and businesses affected.
Should I be worried about this happening again?
This specific incident is unprecedented and unlikely to recur with the same software, and CrowdStrike has committed to improving their processes to stop this happening again.
These improvements include staggered deployment strategies and enhanced monitoring during updates.
Having said that, this doesn’t mean there won’t be another incident with another product in future.
IT disruption in a wider sense, however, is much more likely to recur. One example would be the high chance of a cyber attack. After all, half of all UK businesses were victims of cyber attacks last year.
Therefore, it’s better to take steps to be prepared for whatever kind of IT disruption you might face.
What steps can I take to prepare my business?
Security Review
Even if this wasn’t a cyber attack, there’s still been a lot of talk about “single points of failure”. This is a term in IT that means if one single part goes wrong, it can affect your whole IT system or business.
Start with a thorough review of your IT systems to identify any of these weak points. This includes reviewing user identities, servers, cloud-based systems, and devices. If you need help with this, our security baselining service can check all areas of your IT infrastructure for you.
Disaster Recovery and Incident Response Plans
Make a plan in case the worst happens. This will cover the technical aspects of which systems will take over in the event of a disaster, such as having redundant equipment if one device fails. Remember, if your Disaster Recovery (DR) environment is an exact replica of your live production environment, the same problems could happen there too, so be sure to consider this in your planning.
It’s also important to have a detailed response plan, which includes the exact steps that your business will follow in this kind of situation. Being prepared can significantly reduce the impact of unexpected incidents.
Audit Your Supply Chain
Let’s say your IT systems are secure, but what about your suppliers’ systems or your supplier’s supplier’s systems? This is a step a lot of businesses forget. It’s important to review anyone who comes into contact with your business, from guest users to contractors to suppliers, and make sure they aren’t impacting your level of security. Their vulnerabilities could potentially affect your business.
As an example, as part of being ISO certified, at Coretek we have to audit the quality of all of our suppliers on a regular basis. Regular supplier audits like these can help maintain a high level of security at your business.
Next Steps
The CrowdStrike incident is a wake-up call for all businesses to prepare for potential threats. It’s crucial to implement robust security measures and have effective response plans in place.
For expert assistance in analysing and securing your IT infrastructure, get in touch with Coretek today. We can ensure that your business is prepared for any IT security challenges that lie ahead.