CrowdStrike Outage: 7 Lessons from the Disruption

On Friday, 19 July 2024, an update to CrowdStrike’s Falcon security solution for Windows systems caused a global disruption, impacting critical sectors such as airlines and hospitals, among others. With 8.5 million devices affected, the ripple effects were felt worldwide.

Here are 7 key lessons we must learn from this incident:

  1. Accurate Accountability: It’s crucial to correctly identify the source of the problem. This issue was primarily CrowdStrike’s responsibility, not Microsoft’s. And not the EU Commission’s either.
  2. Understanding Update Types: The disruption was caused by a security content update, not a software update. These updates undergo different levels of verification. As vulnerabilities are discovered, attackers shorten the time to exploit year after year. Security vendors, MSSPs and customer teams have only a few hours to publish security updates. Not days.
  3. Risk Management: Responsibility is shared between provider and customer. Companies can choose to diversify their key vendors, such as EDR providers (CrowdStrike), and have robust continuity plans to handle such incidents. Is it a good idea to terminate the business relationship with CrowdStrike? Probably not: they will learn and come back stronger and safer.
  4. Global Perspective: The nationality of CrowdStrike (USA) had no bearing on the issue. Any company could face similar challenges. Even your local cybersecurity champion.
  5. Cloud Advantage: It’s a paradox. Cloud-native solutions could have mitigated the impact more effectively than physical systems. Cloud scales; machines cannot restart.
  6. Regulatory Framework: Existing regulations in Europe like NIS2 and DORA are sufficient; this wasn’t a regulatory failure. There’s probably no need to regulate further.
  7. Holistic Risk and Resilience: This incident reminds us that organizations must encompass all aspects of risk and resilience, identifying potential domino effects. Cybersecurity is essential, but it does not operate in isolation.

This wake-up call reminds us of the importance of resilience and preparedness in cybersecurity. And cyber… safety. How are you ensuring your organization is ready to handle such unforeseen challenges?