Cybersecurity lessons learned from the biggest IT outages
What happened – On July 19, 2024, CrowdStrike pushed out flawed software that affected the Microsoft Windows’ kernel, the core that connects all the other parts of the Windows operating system. The flaw caused a logic error in the operating system, triggering the infamous Blue Screen of Death (BSOD), and preventing users from starting their computers.
This type of direct kernel access is not unusual for many software companies that push updates into the Windows operating system. Unfortunately, by the time CrowdStrike identified the flaw and rolled back the update, it was too late. The update was already pushed out, affecting 8.5 million Windows devices, amounting to a financial loss of $1.15B in the banking sector and $5B among Fortune 500 companies.
Read: CrowdStrike outage: We finally know what caused it – and how much it cost
Read: CrowdStrike—How Microsoft Will Protect 8.5 Million Windows Machines
Read: CrowdStrike outage explained: What caused it and what’s next
Why this is important – The outage not only disrupted organizations, but was a major event that hackers are currently exploiting.
Hackers are pretending to be IT support from CrowdStrike, Microsoft, or from their victim’s organization as part of ongoing phishing attacks via phone and email. These bad actors offer their assistance, but pressure victims to circumvent existing security protocols and deliver malware into their systems.
Read: CrowdStrike Incident Leveraged for Malware Delivery, Phishing, Scams
Recommended best practices – Focus on having more than one cloud provider and practice vendor due diligence, incident response, and phishing and user awareness training.
- Diversify your cloud providers.
If you only have a single cloud provider and it is impacted by an outage, you can’t access your backups stored there. Leverage multiple cloud providers to ensure you can stay operational even if one provider is down. - Create a robust Business Continuity Plan (BCP) and Incident Response Plan (IRP).
Maintain a BCP and IRP that addresses what to do in case of an outage by one of your vendors. Regularly rehearse your IRP with an Incident Response Tabletop Exercise and use lessons learned from those exercises to improve your BCP and IRP.
Download PDF: Drawbridge Cybersecurity Policy Development
Download PDF: Drawbridge Incident Response Tabletop Exercise
- Perform a Vendor Risk Assessment
Make sure all your vendors have their own BCP and IRP and take reasonable cybersecurity measures. For critical Vendors, ensure you have assessed your operational resilience should that Vendor experience a major outage.
Download PDF: Drawbridge Vendor Risk Assessment
- Mandate User Awareness & Training
With the uptick of phishing attacks and fake websites, your employees are the first line of defense against a cyber attack. Make sure that the entire organization is practiced at identifying and reporting suspicious calls, emails, and other communications.
Download PDF: Drawbridge User Awareness and Training
Get smart take action – Stay operational even when vendors fail.
Contact your Account Manager or a Drawbridge team member today for comprehensive cybersecurity support and solutions tailored to protect your organization from these evolving threats.