Late on Thursday, a misconfigured content update released by cybersecurity company CrowdStrike triggered worldwide outages across Microsoft Windows systems. The update was meant to fine-tune the detection of malicious activities in order to prevent cyber attacks. However, it caused Windows machines to crash and display the Blue Screen of Death (BSOD), impacting essential services such as airports, airlines, banking institutions, and service companies that rely on Windows-based systems. The outage has left hundreds of thousands of travelers stranded in airports around the world, with thousands of flights canceled. In addition, the outage has affected Microsoft Azure cloud platform, leading to unresponsiveness and startup failures on Windows machines using the CrowdStrike Falcon agent. The outage is still impacting Azure virtual machines across different regions.
Insight: This incident highlights the importance of cyber resilience and the need for businesses to be prepared for unexpected events. It also emphasizes the interconnectedness of global systems and the potential for future outages.
# The Importance of Cyber Resilience
Cyber resilience is the ability of a business to anticipate, withstand, and recover from adverse conditions, including cyber attacks. It is crucial for businesses to prioritize cyber resilience as a core part of their operations, especially for CISOs and boards of directors. Boards are increasingly recognizing the importance of cyber resilience and are adding it to their risk management projects. High-profile ransomware attacks can be costly for businesses to withstand, as seen in the United Healthcare breach. Misconfigurations like the one that caused the recent outage highlight the need for a unique form of cyber resilience that becomes ingrained in a company’s DNA.
Insight: Cyber resilience should be supported by accurate and real-time reporting, allowing all stakeholders to own the outcome and ensure proper testing is completed.
# Lessons Learned from the Outage
CrowdStrike’s incident response team quickly determined the root cause of the outage and notified customers. It is essential for businesses to have an incident plan in place to handle unexpected events. Paul Davis, Field CISO at JFrog, commended CrowdStrike for their speedy action and transparent communication. CrowdStrike CEO George Kurtz continues to provide updates on the situation.
Insight: No software is perfect, and it’s how quickly businesses identify and recover from problems that matters most.
# Steps to Recover Affected Systems
CrowdStrike has provided instructions on their website for recovering systems affected by the outage. Starting the affected machine in safe mode is necessary to access the subdirectory where the Falcon Sensor software is embedded and perform the necessary updates. If the affected PC uses full-disk encryption software, the recovery key is required for each machine.
Insight: Following the provided instructions can help businesses recover their systems and mitigate the impact of the outage.
# Cyber Resilience as a Cornerstone of Customer Experience
The outage serves as a reminder that businesses need to prioritize cyber resilience to earn and maintain customer trust. Cyber resiliency goes beyond security initiatives and should be a cornerstone of customer experience. Businesses must evaluate their preparedness for similar events and strive to excel at cyber resilience.
Insight: The outage is a compelling event that highlights the need for businesses to prioritize cyber resilience and be proactive in strengthening their systems.
