Wednesday, April 2, 2025

Dissecting the Fallout of CrowdStrike’s System Failure: Expert Analysis

As a veteran CIO/CISO and technology analyst with 35 years of in-depth experience, I have had the misfortune of witnessing numerous high-profile cybersecurity incidents. Technology outages are nothing unusual, but the recent CrowdStrike disruption stands out for its far-reaching impact across multiple industries. What follows is an examination of the events surrounding this crisis, its aftermath, and the lessons that can be drawn from it.

As a pioneer in IT, I embarked on my career in the late 1980s with the development of PleadPerfect, a notable software component that marked the beginning of my professional journey. Throughout my career, I’ve had the opportunity to wear multiple hats, having worked as an engineer, architect, and government official at both large and small organizations. As a seasoned executive, I have served as a Chief Information Officer (CIO) and Chief Information Security Officer (CISO) for large organizations with annual incomes ranging from $10 million to $100 million over the past two decades.

When I was first notified of the CrowdStrike-related outage, I responded with profound alarm. I observed a moment of quiet respect for the countless hours my colleagues and I, as IT executives, would spend outside of office hours rectifying a preventable problem that should never have disrupted our friends’ and families’ daily lives. It is distressing to see such a lack of rigorous quality assurance on CrowdStrike’s part. These issues should have been identified and addressed during the testing phase, before the update was released to the broader customer base. That it affected every Windows operating system since 2008 is utterly unacceptable.

Installed at the operating system’s core, CrowdStrike’s Falcon software provides robust machine protection through that deep integration. The same tight integration, however, gives rise to critical problems whenever an update is not thoroughly checked. A defective update led to widespread instances of the notorious “Blue Screen of Death” (BSOD), causing machines to crash and leaving them unable to recover on their own.

Restoring affected machines meant booting each one into safe mode and deleting a CrowdStrike file, which proved challenging because safe mode cannot be entered remotely on each system. Moreover, best practice calls for encrypting the boot drive with BitLocker, so a recovery key is needed before the operating system can be accessed in safe mode. In some cases those keys were themselves locked up in systems affected by the outage, greatly increasing the time and effort needed to recover.

Incidents like these are a harsh reality in the cybersecurity sector, but this one stands out for its particularly devastating impact since it originated from a quality assurance and testing flaw rather than a cyberattack. The seamless fusion between Falcon and the operating system amplified the damage’s reach, rendering the recovery process even more arduous.

While all sectors have felt the impact, those deemed essential to a functioning economy, such as infrastructure, have borne the brunt of the disruption. When disruptions threaten global economies, three sectors stand out as particularly exposed: air travel, financial institutions, and healthcare facilities, including hospitals and emergency services. The world’s major airlines, including the United States’ three largest carriers, grounded numerous flights and lost communication networks globally. Widespread outages affected banks in numerous countries, while hospital networks faced severe disruptions to their operations.

While CrowdStrike’s initial response was prompt, it remains unclear what additional measures they intend to take at this juncture. George Kurtz’s apology fell short of being truly remorseful, lacking a sense of full accountability for the incident. While it is undeniable that other factors contributed to the situation, the responsibility is ultimately CrowdStrike’s. Their dedication is admirable, but serving everyone affected means supporting 24,000 customers, a number that makes individualized attention for each one impossible. Billions of dollars’ worth of harm is being inflicted on these firms as a result of this outage.

A crucial lesson learnt is that vigilance is necessary when placing trust in outside entities and individuals. Ensure that your contracts enable you to seek damages, as a potential remedy in the event of unforeseen circumstances. And what would happen to your data? It is astonishingly common for companies to be forced to rebuild systems from backups solely to recover data, because they cannot access, or never retained, their BitLocker recovery keys.
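The BitLocker recovery-key problem described above is avoidable with routine escrow. The following is an added example, not code from the article or from CrowdStrike: a PowerShell audit that lists every local BitLocker volume lacking a recovery password and, with `-Escrow`, adds one and backs it up to Active Directory using the standard BitLocker cmdlets. It assumes an elevated session on a domain-joined host where the “Store BitLocker recovery information in AD DS” policy is enabled; the `-LogPath` default is an assumption for illustration.

```powershell
# Added example (not from the article): audit local BitLocker volumes for a
# recovery-password protector and escrow it to Active Directory when missing.
# Assumes the Windows BitLocker module, an elevated session, and a domain-joined
# host with the "Store BitLocker recovery information in AD DS" policy enabled.
param(
    [switch]$Escrow,
    [string]$LogPath = "$env:ProgramData\bitlocker-escrow-audit.csv"  # assumed path
)

$results = foreach ($vol in Get-BitLockerVolume) {
    $recovery = $vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

    $status = if ($vol.ProtectionStatus -ne 'On') {
        'NotProtected'
    } elseif (-not $recovery) {
        'NoRecoveryPassword'
    } else {
        'HasRecoveryPassword'
    }

    # An encrypted volume with no recovery password cannot be unlocked in safe
    # mode after a bad update, so add one before attempting escrow.
    if ($Escrow -and $status -eq 'NoRecoveryPassword') {
        Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector | Out-Null
        $recovery = (Get-BitLockerVolume -MountPoint $vol.MountPoint).KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        $status = 'RecoveryPasswordAdded'
    }

    # Escrow every recovery password to AD DS so the help desk can retrieve it
    # even when the endpoint itself will not boot.
    if ($Escrow -and $recovery) {
        foreach ($kp in $recovery) {
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
        }
        $status += ';EscrowedToAD'
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        MountPoint = $vol.MountPoint
        Protection = $vol.ProtectionStatus
        Status     = $status
    }
}

$results | Export-Csv -Path $LogPath -NoTypeInformation -Append
$results | Format-Table -AutoSize
```

Run without `-Escrow` first to see which volumes would be changed; the CSV gives a per-host record that can be collected centrally to confirm that every encrypted volume has an escrowed key before an outage, not during one.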

To prepare for and prevent similar issues, develop and thoroughly test your disaster recovery plans. Consider implementing distinct, unrelated security tools for redundancy and recovery, so that a single failure path cannot take everything down at once. Ensure robust backup and restoration infrastructure is in place, treating it as a critical enterprise operation and hardening it to the highest degree possible.

The extent to which this event shapes future cybersecurity measures and insurance coverage remains to be seen. Although the SolarWinds and CrowdStrike incidents both serve as cautionary tales about neglecting best practices, a crucial distinction exists between them: one was a cyberattack, the other a quality assurance failure.

Emerging technologies such as artificial intelligence (AI) and machine learning have the potential to proactively identify and mitigate similar incidents by detecting potential weaknesses before they escalate into problems. Beyond tooling, the key to a lasting fix may lie in overhauling existing procedures and introducing independent, impartial third-party verification to ensure that specialized vendors adhere to best practices.

As a stalwart observer in the technology sector, I maintain a keen eye on emerging cybersecurity trends and risks through meticulous research, staying abreast of industry advancements, and engaging with relevant media and peers.

As I share my guidance with fellow CIOs and CISOs, I urge them to prepare for the most unfavorable scenario and anticipate potential risks. Failing to prepare for unforeseen events can leave you in a precarious position if the board demands an explanation, putting you at risk of being caught off guard and struggling to articulate a coherent response.

The recent CrowdStrike outage served as a stark reminder to many in the tech industry. The incident starkly revealed the fragilities of our increasingly interconnected landscape, underscoring the imperative need for robust cybersecurity safeguards. By drawing lessons from this experience and applying the principles discussed earlier, we will better prepare ourselves to prevent similar incidents in the future.

As cyberattacks continue to evolve, it’s crucial we stay one step ahead by maintaining a heightened sense of vigilance, remaining prepared for new threats, and proactively fortifying our digital defenses to ensure robust protection.
