Intelligent CIO Middle East Issue 105 | Page 46

CIO OPINION

of business impact or exposure caused by the CrowdStrike outage:
• Review prevention, response and support procedures for large-scale outages.
• Many organisations report they are unable to handle the sudden large volume of support requests.
• Check and update downtime procedures for key operations, and revise crisis communication plans, incident response processes, business continuity management and IT disaster recovery plans.
• Ensure key employees with response and recovery responsibilities have the necessary competencies and are involved in testing enterprise systems.
• The CrowdStrike outage reinforces the need to focus on resilience.
• Use a top-down approach that connects resilience efforts to overall strategic objectives.
• Assess the operational hit before deploying a security agent by weighing the impact against the expected security benefit.
• Endpoint agents inevitably affect performance and are vulnerable to updates to other applications.
• Protect against threats by selecting endpoint security tools that use end-to-end user behaviour analytics, containment, machine learning, and endpoint detection and response, as well as legacy techniques such as signature-based antivirus software.
• Evaluate the efficacy of current endpoint protection mechanisms to identify areas requiring improvement to forestall recurrence of a similar incident.
Post-event reactions and recommendations

Mark Grindey, CEO, Zeus Cloud
It is clear that adequate testing for updates should be done in a safe environment before issuing them company-wide. Companies should never have auto-updates set in a live environment and should always test an update in a safe environment before releasing it live to minimise potential risks. This global outage highlights the need for businesses not to blindly trust their suppliers when it comes to updates before testing first.

The only fix now is to reboot in safe mode and remove the erroneous file; unfortunately, this cannot be done remotely. It could so easily have been a security incident or cyber-attack, and the manual intervention required to get back up and running opens the door for other potential security risks and vulnerabilities.
Kevin Reed, Chief Information Security Officer, Acronis
The recent CrowdStrike outage appears to stem from a bug in their EDR agent, which was unfortunately not thoroughly tested. This resulted in widespread disruption as many installations were affected globally. The flawed update necessitates manual intervention to resolve, specifically rebooting systems in safe mode and deleting the faulty driver file. This process is cumbersome and leaves systems vulnerable in the interim, potentially inviting opportunistic attacks.

This incident highlights the importance of rigorous testing and staged updates for EDR agents.

Normally, testing is done with every release and can take days to weeks, depending on the size of the update or changes. The ease with which their driver files can be deleted also raises questions about the self-protection mechanisms of CrowdStrike's software.
Andreas Hassellöf, CEO, Ombori
There is now a risk that companies might become hesitant to apply crucial updates, fearing similar outages. However, this approach would leave them more susceptible to cyber-attacks. It is absolutely vital that organisations do not overreact by avoiding updates altogether.

Instead, this incident underscores the critical importance of managing software updates in a controlled, methodical manner.

Companies should implement robust testing procedures, including staging updates in isolated environments that mirror their production systems before rolling them out widely. This approach allows for the identification and mitigation of potential issues before they can impact critical operations.

While no update process is entirely risk-free, a careful, staged approach to updates can significantly reduce the likelihood of such widespread disruptions while maintaining strong cybersecurity defences.
Source: Minimize Disruption From the CrowdStrike Windows Outage, Gartner, 19 July