A major tech outage caused by a software update failure at CrowdStrike, a leading U.S. cybersecurity vendor, has sparked significant disruption globally. This rare but devastating event highlights the critical risks of over-reliance on a single vendor (and of one popular vendor being used so extensively), emphasising the need for a strategic overhaul in how organisations classify and manage their cybersecurity systems.
The Incident and Its Fallout
The CrowdStrike outage disrupted the operations of some of the world’s largest companies, grounding airlines (some of which resorted to manual processes) and halting business activities across multiple sectors. This incident, while infrequent, reveals the inherent vulnerability in placing too much trust in one vendor’s solutions.
Revisiting Cybersecurity Strategies
Historically, organisations have mitigated risks by using separate vendors for different security functions, such as external and internal firewalls. This separation ensured that if one vendor’s product failed, the entire security infrastructure wouldn’t be compromised. The recent CrowdStrike debacle underscores the need to revisit and reimplement such strategies.
Key Takeaways and Recommendations
Just to be clear, we are not advising you or telling you to stop using CrowdStrike. But if you rely on this product solely, or to a very large extent, you could be among those most affected by this incident. Here are some key takeaways and recommendations to consider. Yes, we are getting to the point.
- Diversify Vendors: Using multiple vendors for different aspects of cybersecurity can prevent a single point of failure from crippling the entire organisation.
- Classify and Segment Systems: Clearly classify and segment systems to ensure that critical functions are protected by multiple layers of security from different vendors.
- Continuous Evaluation: Regularly audit and test security systems to identify and address vulnerabilities. Continuous evaluation helps in maintaining robust security.
- Robust Incident Response Plans: Develop and frequently update incident response plans to ensure quick recovery and minimal disruption in case of vendor failures.
- Clear, Practical and Robust Disaster Recovery: Put a practical, usable disaster recovery plan in place so that the business can return to normal operation within its business continuity guidelines.
- Employee Training and Awareness: Ensure ongoing training for employees. Specifically, when outages like this occur and affect your organisation, make sure the key learnings from the incident response are used to educate all employees on handling future events.
Building Resilience and Trust
In the aftermath of a significant outage, rebuilding trust and ensuring operational resilience involves several steps, not just for a vendor like CrowdStrike, but also for you as the organisation that was affected by the outage. Here are some key elements of rebuilding resilience and trust:
- Transparent Communication: Maintain open lines of communication with stakeholders about the incident, its impact, and the corrective measures being taken.
- Enhanced Monitoring and Controls: Strengthen monitoring systems to promptly detect and respond to issues, minimising the impact of potential failures.
- Client Support and Compensation: Provide robust support and compensation to affected clients to demonstrate commitment to their welfare.
- Proactive Public Relations: Engage in proactive public relations to rebuild the vendor’s reputation, highlighting improvements and success stories.
The CrowdStrike outage is a stark reminder of the dangers of over-reliance on a single vendor. Organisations must adopt a diversified, continuously evaluated approach to cybersecurity, ensuring that their systems are resilient and capable of withstanding failures without crippling their operations. By revisiting and refining their cybersecurity strategies, businesses can safeguard against such catastrophic events and maintain operational integrity in an increasingly interconnected digital world.