Cybersecurity alert: Microsoft’s failed response to DDoS attack caused Azure outage 

Microsoft Azure customers all over the world could not access Azure services for over nine hours.  

What happened – On July 30, 2024, Microsoft customers faced a widespread global outage impacting Azure cloud services and Microsoft 365 products.  

At 7:45 am ET, Microsoft began investigating a Distributed Denial-of-Service (DDoS) attack that had already impacted customers. This DDoS attack involved one or more bad actors flooding Azure with usage requests. In other words, Microsoft saw an abnormally high number of ‘users’ flooding Azure. Bad actors use this tactic to overwhelm the cloud service, causing a denial of service to legitimate users.

About two and a half hours later, Microsoft responded and restored Azure services to most of its impacted customers. Microsoft then implemented an additional ‘updated mitigation approach.’ The new fix ‘amplified the impact,’ reversing the mitigation and making things worse for customers across the globe for six and a half hours.

Read: Microsoft: Azure DDoS Attack Amplified by Cyber-Defense Error

Why this is important – The Azure outage demonstrates that Institutional Investor Firms’ cybersecurity is only as strong as their weakest vendor. Between the Azure outage and the CrowdStrike/Microsoft IT outage on July 19, 2024, Microsoft demonstrates that big vendors often fall victim to cyber attacks and disruptions, too.

In a technological age, firms are beginning to adopt the perspective that it’s not a matter of if they will be impacted, but a matter of when and how often.

Recommended best practices – Focus on the firm’s incident response and vendor due diligence.  

1. Update and test Written Information Security Plans (WISP) and Incident Response Plans (IRP).

  • Create a robust WISP and IRP that address outages and threats introduced through your vendors.
  • Test the efficacy of your IRP with regular Incident Response Tabletop Exercises where your team rehearses what to do in the event of an incident.  
  • Use lessons learned from Tabletop Exercises to update your IRP.     

Download PDF: Drawbridge Cybersecurity Policy Development.  

Download PDF: Drawbridge Incident Response Tabletop Exercise.

2. Make sure that your vendors maintain backup data.  

  • When performing Vendor Risk Assessments, ask about backup data and process. 
  • Ask the vendor – What is involved in their own Incident Response Plan?  

Download PDF: Drawbridge Vendor Risk Assessment.

Contact your Account Manager or a Drawbridge team member today for comprehensive cybersecurity support and solutions tailored to protect your organization from these evolving threats.