News
,

Was the CrowdStrike Incident a Fluke or the Beginning of a Trend?

By Rob Foxx

On July 19, 2024, CrowdStrike pushed out an update to their customer base that disabled an estimated 8.5 million computer systems across the world. This not only damaged their reputation, but it also sent fear and uncertainty into those businesses that utilize IT services. This single event cost about $5.5 billion in damages and business loss.

The real question is who can be affected by an event like this. The short answer is anyone who uses any products or services that can affect the system files of a computer. This includes Microsoft Windows automated updates, antivirus, remote configuration tools, and many others. For those who are not familiar with the previously mentioned list you have several of these on any given business computer.

So why do we not hear about events like this more often? The reality of the situation is these events happen every day. Windows updates pushed out by a managed service provider that removes all network drivers, thus disabling the connection to the login service rendering a computer useless, was my personal CrowdStrike. This happened several times over the course of a month, anti-virus similar to CrowdStrike that disables use of business-critical software or core access. An update to Windows that prevents backup software from running correctly. These have all happened. Most people have never heard of these events as they did not have a worldwide impact or cost billions of dollars in losses. CrowdStrike made news because of their wide adoption as they offer a service only a handful of other companies do.

So how do I protect my organization? The only 100% means of protecting your computer environment is to power it down, unplug it, and bury it in concrete. Business, however, runs on acceptable risk, so let us look at what could help lower your risk and impact. During the course of onboarding or reviewing a vendor for contract renewal, you can verify or request that they add in testing criteria before sending out updates. Comparing vendor services with an RFP (Request for proposal) can identify whether a service fits your needs. Several similar companies allow for the designation of a test group which includes a sampling of computers across your organization. This group should fill all the key roles to running your enterprise and test for a week or more before the updates are pushed to the rest. Perhaps one of the best means to protect yourself is to have knowledgeable IT on staff or as an on-call vendor. The fix to restore CrowdStrike would take per computer less than 10 minutes at a keyboard. A little longer if the computer has BitLocker or other similar protections in place. A good recovery plan and continuity for running on alternate systems can also save quite a bit of recovery time.

I do believe there will be more events like the CrowdStrike outage, especially given how large some services grow to global offerings. I believe vendors will be more cautious in their products. Will you be more cautious in your implementations?

Foxx is director – infosec and IT audit services for FIPCO, a WBA Gold Associate Member.

Print 🖨
/by
You might also like
Reimagining Accessibility for Banks
Bright lightbulb in the middle of dim onesCommunity Banks Leveraging Technology
Network of lines and dots marked with numbers and locksExecutive Letter: Protecting Your Bank from a Cyberattack
Lori KalscheuerWBA Featured by Cvent for Delivering Industry-Leading Events
Executive Letter: The Federal Reserve’s FedNow® Service Offers New Payment Options
CSBS Ransomware Self-Assessment Tool and Resource Guide
Is Your MSP Helping You Meet Evolving Regulatory Priorities? It Should Be.
Cybersecurity Without the Checklist: Adapting to the CAT’s Sunset
Wisconsin Bankers Association logo

questions@wisbank.com

608-441-1200

4721 S Biltmore Ln.
Madison, WI 53718

Get our Newsletter!
Subscribe

The Stephenson National Bank & Trust Celebrates 150th AnniversaryIn Memoriam: Ronald J. Schowalter