Combating Incidents Like the CrowdStrike 2024
A Young Turk, Evaa is an alumnus of Narsee Monjee Institute of Management Studies with more than 15 years of professional experience.
It's been only days since the world faced one of its biggest IT catastrophes. On 19 July 2024, American cybersecurity company CrowdStrike made a grave mistake. They distributed a faulty update to its Falcon Sensor security software. Chaos unfolded, causing widespread problems with Microsoft Windows computers running the software. Organizations must be ready and resilient since such discrete global events are almost impossible to eradicate. A subject matter expert, Evaa Saiwal, Head of Cyber Insurance at Policybazaar for Business, walks us through this challenging scenario in the cyber security space and possible solutions.
The recent CrowdStrike outage affected many companies worldwide. What steps should leaders and companies take to avoid risk in such situations?
The CrowdStrike outage indeed underscores the importance of robust risk management strategies. Leaders and companies should take a multifaceted approach to avoid similar risks. This includes conducting regular risk assessments, implementing comprehensive cybersecurity frameworks, and ensuring redundancy in critical systems. Additionally, having a well-documented incident response plan that is tested regularly can help mitigate the impact of such outages. Investing in cyber insurance is also crucial as it provides financial protection and access to expert resources in case of a cyber incident.
The outage brought a variety of risks to the forefront. How could businesses remain
resilient against disruptive events?
Business resilience in the face of disruptive events requires diversification and decentralization. Companies should avoid over-reliance on a single vendor or service provider by diversifying their supplier base. Additionally, implementing multi-cloud strategies and maintaining offsite backups can help ensure business continuity. Regularly updating and testing disaster recovery and business continuity plans is vital. Training employees on these plans and maintaining open lines of communication with stakeholders during an outage can significantly enhance a company's resilience.
Regularly updating and testing disaster recovery and business continuity plans is vital.
While preventing global tech outages entirely may be unrealistic, companies can minimize their likelihood and impact through proactive measures. This includes investing in cutting-edge cybersecurity technologies, such as advanced threat detection and response systems. Regularly updating and patching software, conducting vulnerability assessments, and implementing stringent access controls are also critical. Additionally, fostering a culture of cybersecurity awareness among employees and continuously educating them about the latest threats can help reduce the risk of breaches that could lead to outages.
How can businesses minimize the impact and recover quickly?
To minimize the impact of outages and recover quickly, businesses should implement a combination of technical and non-technical controls. Technical controls include having redundant systems, automated fail-over mechanisms, and comprehensive data backup solutions. Non-technical controls involve creating and maintaining detailed incident response plans, conducting regular training and simulations, and establishing clear communication protocols. Ensuring that there is a dedicated team responsible for crisis management and that all employees know their roles during an outage is essential for a swift recovery.
The outage was a wake-up call for the vendors. What should IT leaders do to unlock these situations when external partners often update software on corporate devices?
IT leaders should establish robust vendor management practices to address such situations. This includes conducting thorough due diligence before selecting vendors, ensuring they adhere to stringent security standards, and regularly auditing their performance. IT leaders should also negotiate clear service level agreements (SLAs) that outline the expected performance and response times for addressing issues. Additionally, implementing continuous monitoring of software updates and changes, along with maintaining a rollback plan, can help mitigate risks associated with external updates. Building strong partnerships with vendors and fostering open communication channels are crucial to promptly addressing any concerns that may arise.