Friday 19th July 2024 started as a normal day for many businesses. The weather forecast was improving, and workers across the world were looking forward to a weekend of relaxation, socialising, and time to unwind.
In truth, however, the end of the week was set to run anything but smoothly: just a few hours into Friday morning, airports, doctors' surgeries, banks, businesses and stock exchanges around the world were in chaos. News reports showed queues of stranded passengers waiting for flights around the globe, businesses were left unable to carry out even simple processes, and millions of people found themselves at the mercy of a software update that was, ironically, designed to protect against hackers and minimise IT disruption.
But just what happened in the CrowdStrike meltdown, and how can you protect your business if a similar event occurs in the future?
Who Are CrowdStrike?
To really understand the issue at hand, we first need to understand the name behind the headlines. CrowdStrike Holdings Inc is one of the largest providers of cybersecurity software in the world, focused on endpoint security, threat intelligence, and cyber attack response services.
The guilty party in this case was a tiny, seemingly harmless file, about the size of a single web page image. In an example of size not being indicative of power, the file, 'C-00000291*.sys', was one small part of a larger update for the Falcon sensor product created by CrowdStrike. Despite its .sys extension it is not a driver but a "channel file", a piece of content the sensor reads when it starts. The Falcon sensor itself runs as a kernel-mode driver, in the most privileged part of Windows, and when it processed the faulty file it crashed; a crash at that level takes the whole operating system down with it, triggering the blue screen of death that is such a dreaded sight for Windows users and leaving affected devices unusable.
The initial impact on businesses was immediately apparent: systems across the world were hit by the dreaded blue screen of death, and because affected machines crashed again on every restart, the error could not be cleared remotely; each device needed hands-on attention. Lost revenue and lost productivity were the most visible casualties, but cybercriminals had already discovered a way to make things a lot worse for desperate businesses.
Within hours of the CrowdStrike incident going public, a host of new domains appeared, each bearing the name 'CrowdStrike' and offering resolutions and support to those impacted by the chaos. Taking full advantage of the catastrophe, unscrupulous cybercriminals grabbed domains such as 'crowdstriketoken[.]com' and 'crowdstrikefix[.]com' and reached out to organisations under the guise of help. Their true agenda, however, was a phishing scam designed to harvest credentials and other sensitive details, making an already devastating situation that much worse. In truth, the fix for the error was to boot into Windows Safe Mode, delete the rogue file, and reboot: a much simpler solution, and one that required no token, download or payment, which is why it would prove far less lucrative for would-be scammers.
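The Safe Mode workaround described above, written out as an added example. This is not CrowdStrike's published remediation tooling: it is a PowerShell function that refuses to run outside Safe Mode, deletes any file matching the C-00000291*.sys pattern named in the article from the sensor's driver directory, and supports -WhatIf for a dry run. The directory path is an assumption, since the article names only the file pattern.

```powershell
# Added example, not CrowdStrike's own tooling: remove the faulty channel file
# from Safe Mode, following the manual workaround described in the article.
# Assumption: the Falcon sensor keeps its channel files under
# C:\Windows\System32\drivers\CrowdStrike; the article only gives the file pattern.

function Test-SafeModeBoot {
    # Win32_ComputerSystem.BootupState reads "Fail-safe boot" or
    # "Fail-safe with network boot" when Windows was started in Safe Mode.
    $state = (Get-CimInstance -ClassName Win32_ComputerSystem).BootupState
    return ($state -like 'Fail-safe*')
}

function Remove-FaultyChannelFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',  # assumed location
        [string]$Pattern   = 'C-00000291*.sys'                            # pattern named in the article
    )

    # In a normal boot the sensor loads the file again and the machine blue-screens
    # before anything can be done, so refuse to run outside Safe Mode.
    if (-not (Test-SafeModeBoot)) {
        Write-Warning 'Windows is not in Safe Mode; boot into Safe Mode and re-run.'
        return @()
    }
    if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
        Write-Warning "Driver directory '$DriverDir' not found; is the Falcon sensor installed?"
        return @()
    }

    $found = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File)
    if ($found.Count -eq 0) {
        Write-Host "No files matching $Pattern in $DriverDir; nothing to remove."
        return @()
    }

    $removed = @()
    foreach ($file in $found) {
        # -WhatIf reports what would be deleted; -Confirm prompts per file.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete faulty channel file')) {
            Remove-Item -LiteralPath $file.FullName -Force
            $removed += $file.FullName
        }
    }
    return $removed
}

# Dry run first to see what matches, then delete, then restart normally.
Remove-FaultyChannelFile -WhatIf
Remove-FaultyChannelFile
Restart-Computer -Confirm
```

Run it from an elevated PowerShell prompt inside Safe Mode. Reaching Safe Mode is the hands-on part: it cannot be triggered remotely on a machine that crashes at every boot, and on a BitLocker-encrypted device the recovery key is needed to get there, which is why the fix could not simply be pushed out to fleets at scale.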
The long-term consequences for CrowdStrike remain unclear, and are likely to include financial penalties and legal action. The CEO, George Kurtz, has already pledged to fully investigate the incident and prevent repeat occurrences, stating that:
"Nothing is more important to me than the trust and confidence that our customers and partners have put into CrowdStrike. As we resolve this incident, you have my commitment to provide full transparency on how this occurred and steps we're taking to prevent anything like this from happening again…We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you're engaging with official CrowdStrike reps. Our blog and technical support will continue to be the official channels for the latest updates."
For now, the key focus for many businesses is understanding the steps that can be taken to minimise the impact in the event of a future incident like this via their own business continuity processes.
Ensuring business continuity needs to be a key priority for organisations of all sizes and levels, and there are three main aspects to this:
Thorough evaluation, updating and testing of business continuity and disaster recovery plans must be a major focus of any business. This should include a detailed analysis of the potential financial impact of an event such as the CrowdStrike incident, and a full backup plan to help mitigate the risk. Testing also extends to change management: when rolling out major updates or upgrades, deploy first to a small subset of devices and confirm the change behaves as expected before widening the rollout, so that unplanned disruption is contained if something goes wrong. Ask your vendors whether their own updates can be staged in the same way.
A strong understanding of the dependencies and supply chains that your critical infrastructure relies on is also essential, and businesses need to secure the right protection through strong backup plans, good insurance, and clear contractual terms with suppliers. This includes raising the alarm immediately if there is any suspicion that an IT or security event has occurred, and reviewing your regulatory reporting obligations if an incident does occur.
Businesses also need to develop and implement vigilant, proactive protection strategies that focus on stopping cybersecurity threats before they have the chance to cause a major incident. Continuous monitoring and robust systems help your organisation stay ahead of the game, minimising the potential for serious harm or damage.
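The "test on a subset of devices" advice above, as an added example that is not code from the original article or from any vendor: a ring-based rollout gate in PowerShell that deploys to a 1% canary ring first, checks crash telemetry, and halts before the next ring if more than a set fraction of devices crashed. The fleet and telemetry are constructed for the demo; a real pipeline would read bugcheck counts from your endpoint management tooling.

```powershell
# Added example, not from the original article or any vendor: a ring-based rollout
# gate that stops a deployment when an early ring shows crashes.
# Assumptions: the fleet and crash telemetry below are constructed for the demo;
# a real pipeline would read bugcheck counts from your endpoint management tooling.

function Split-FleetIntoRings {
    param(
        [string[]]$Devices,
        [double[]]$RingFractions = @(0.01, 0.10, 1.0)   # 1% canary, then 10%, then everyone
    )
    # Each ring holds the devices needed to reach its cumulative fraction of the fleet.
    $rings = @()
    $assigned = 0
    foreach ($fraction in $RingFractions) {
        $cutoff = [int][math]::Ceiling($Devices.Count * $fraction)
        if ($cutoff -gt $assigned) {
            $rings += ,@($Devices[$assigned..($cutoff - 1)])
            $assigned = $cutoff
        }
    }
    return ,$rings
}

function Invoke-StagedRollout {
    param(
        [string[]]$Devices,
        [hashtable]$CrashTelemetry,      # device name -> crashes seen since the update landed
        [double]$MaxCrashRate = 0.01,    # halt if more than 1% of a ring crashed
        [int]$SoakSeconds = 0            # production: hours, long enough to see reboots and logins
    )
    $rings = Split-FleetIntoRings -Devices $Devices
    $ringIndex = 0
    foreach ($ring in $rings) {
        $ringIndex++
        Write-Host ("Ring {0}: deploying to {1} devices" -f $ringIndex, $ring.Count)
        # Push the update to $ring with your deployment tool at this point, then let it soak.
        Start-Sleep -Seconds $SoakSeconds

        $crashed = @($ring | Where-Object { $CrashTelemetry[$_] -gt 0 })
        $rate = $crashed.Count / $ring.Count
        if ($rate -gt $MaxCrashRate) {
            Write-Warning ("Ring {0}: {1:P1} of devices crashed; halting before ring {2}." -f $ringIndex, $rate, ($ringIndex + 1))
            return [pscustomobject]@{ Halted = $true; RingsCompleted = $ringIndex - 1; CrashRate = $rate }
        }
        Write-Host ("Ring {0}: healthy ({1:P1} crash rate), promoting." -f $ringIndex, $rate)
    }
    return [pscustomobject]@{ Halted = $false; RingsCompleted = $rings.Count; CrashRate = 0 }
}

# Constructed fleet of 1,000 devices. Every first-ring device blue-screens, which is
# what a faulty kernel-mode update looks like: the rollout halts after 10 machines
# instead of reaching all 1,000.
$fleet = 1..1000 | ForEach-Object { 'host-{0:D4}' -f $_ }
$telemetry = @{}
foreach ($device in $fleet[0..9]) { $telemetry[$device] = 1 }
Invoke-StagedRollout -Devices $fleet -CrashTelemetry $telemetry
```

The gate only works if the canary ring is representative (a mix of hardware, OS builds and business units) and the soak period is long enough for machines to reboot and users to log in; a crash that only appears on restart is invisible to a gate that promotes within minutes.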
The CrowdStrike meltdown serves as a stark reminder of the vulnerabilities that even the most sophisticated systems can face. The incident, sparked by a seemingly insignificant file within a protective software update, caused widespread disruption across multiple sectors, highlighting the critical importance of robust business continuity measures.
For businesses, the lessons are clear: business continuity plans should form part of your cybersecurity measures; whether an incident is malicious or not, your business needs to be able to keep functioning. Prioritise thorough testing and evaluation of disaster recovery plans, ensure a deep understanding of critical infrastructure dependencies, and maintain vigilant and proactive protection strategies. By learning from this incident and fortifying their defences, organisations can better navigate the complexities of the digital landscape and mitigate the impact of future cybersecurity threats.
At Bob’s Business, we are the UK’s Most Trusted Cybersecurity Awareness Training provider, equipping organisations with the knowledge and skills needed to protect sensitive data and ensure business continuity.
In the face of escalating cyber threats in 2024, cybersecurity training is not just a precautionary measure; it's imperative.
Empower your workforce with the knowledge and skills to prevent cyber threats and fortify your organisation's defences today.
Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit your organisation.