Cybersecurity Lessons from the CrowdStrike Outage

On July 18^th, a bug in a CrowdStrike software update led to a massive IT outage that had global ramifications. While this incident wasn’t caused by a cyber-attack, it involved cybersecurity software and had an impact similar to an attack. There are cybersecurity lessons from the CrowdStrike Outage we can all learn.

What Happened

The outage was caused when CrowdStrike released an update for its Falcon software for computers running Microsoft Windows. Falcon is endpoint detection and response software designed to protect computers from cyber-attacks and malware.

The faulty software update took down 8.5 million Windows devices. Users found themselves looking at the notorious “blue screen of death.” The outage impact was felt worldwide. Thousands of flights were canceled, stranding travelers for days. Some healthcare organizations lost access to electronic health records and were forced to cancel appointments. 911 services went down temporarily in Alaska. The outage also affected banks and broadcasters.

There are many cybersecurity-related lessons from the CrowdStrike outage that can help organizations better prevent and respond to an incident. Here are some actions that can improve business continuity and mitigate the damage of a cyber-attack.

Data Backup and Disaster Recovery Strategies

If your data is lost or inaccessible due to a cyber-attack or system failure, having that data backed up in a separate location can be a lifesaver. Popular data backup options include cloud storage and external hard drives. Establish a schedule to test your backup methods to verify their integrity and accessibility. Regularly schedule backups of all critical data to ensure it is all accounted for.

Establish a disaster recovery plan. Many disaster recovery plans include the use of cloud-based services, which can provide flexible and scalable resources to restore systems rapidly. If you go the cloud route, ask your provider how it handles an emergency and how it tests the system to make sure it can seamlessly go online when needed. Implementing a tiered backup strategy, where data is backed up at different intervals and locations, further enhances resilience against attacks.

Establish Response and Communication Plans

If your organization is the victim of an attack, a quick and well-planned response can mitigate the damage. Develop an incident response plan that includes directions for responding to, containing, remediating, and recovering from an incident. Your response plan needs to account for different attack methods and scenarios. Use tabletop exercises to simulate attacks and test the effectiveness of the response plan. Regular drills ensure that employees are familiar with their roles and responsibilities during an attack.

Communication is also important after an incident. Develop procedures for notifying the people who need to know, which includes internal stakeholders, customers, and the media if the situation warrants.

Testing Environments and Protocols

Your software vendors will likely have regular updates for you to install. That’s good since updates often include patches for vulnerabilities in the software along with new features and functions. You need to be able to trust that the software updates you install do not expose your organization to unnecessary risk. Ask your vendors these questions:

• Are updates rigorously tested in a simulated environment before release?
• Can we do a staged deployment instead of automatic updates?
• Can we test updates before deploying?

Prepare for Heightened Vulnerability

After a cyber-attack or IT outage, your company could be at its most vulnerable since your security software and systems may not be fully functional. CISA noted after the outage bad actors were targeting CrowdStrike customers with phishing attempts and other malicious activities.

This is a moment when your organization’s commitment to security could be put to the test. Be prepared by executing these security strategies to protect your business ahead of time:

• Require your staff to go through comprehensive security training that includes phishing recognition
• Implement a multi-factor authentication policy
• Require strong passwords
• Keep all software up to date to ensure any security vulnerabilities are patched
• Use encrypted wi-fi connections to protect your network from authorized visitors

One of the most effective ways to design and implement a cybersecurity program you can trust at the most crucial moments is by using an established cybersecurity framework. The NIST Cybersecurity Framework (NIST CSF) is a popular standard designed to help organizations design, implement, and manage a recognized cybersecurity structure, using a flexible and customizable approach. Certifiable standards like ISO 27001 and SOC 2 will result in your organization implementing proven security controls and their highly regarded status can serve as a business driver.

CompliancePoint has a team of experienced cybersecurity professionals and a full suite of services that can help solve your cybersecurity challenges. Contact us at connect@compliancepoint.com to learn how we can customize a service plan to meet the needs of your organization.