2 weeks on from the CrowdStrike outage

Published: 2 August 2024

Have you tested your incident response plan?

It’s now two weeks on from the Microsoft Blue Screen Of Death which greeted Windows users as they logged into their work systems. The now infamous CrowdStrike update caused a widespread outage: 8.5 million Windows devices fell victim to the update error. Flights were grounded, banking systems went offline, and GPs couldn’t access records, take online bookings, or issue repeat prescriptions.

So, what happened?

CrowdStrike, one of the world’s most established Cyber Security providers, released an update that was intended to protect Windows devices from malicious attacks (the irony!). Instead, the update caused affected devices to crash and restart without warning during start-up, leaving them stuck in a loop in which the reboot could never complete and users ultimately could not log in.

What can we learn?

Most of us know this isn’t the first, and won’t be the last, major IT outage or incident to impact organisations in this way, whether at a global or an individual scale. And while unfortunate for CrowdStrike, it is a learning opportunity for others. In this case it has highlighted the importance of establishing processes and procedures around incident response and disaster recovery. In particular, having a back-up and recovery process for your systems is key to returning your business to business as usual (BAU) as soon as possible, while also giving you the best possible chance of keeping your data intact.

2 weeks on – what should you have done?

  1. System Stability Verification: Ensure all affected systems are patched and functioning correctly.
  2. Implement Security Protocols: Restore from pre-incident backups if necessary and conduct a security audit.

What should you be doing now?

Back-Up Strategy

  • Schedule regular back-ups
  • Ensure back-ups are stored securely

Security Enhancements

  • Update Antivirus and/or Antimalware tools
  • Implement Multi-Factor Authentication for an extra security layer
  • Segment your Network to limit the spread of potential breaches

Employee Training

  • Targeted Phishing testing supported by Cyber Awareness Training
  • Incident Reporting Procedures

Continuous Monitoring

  • Threat Detection Systems for breach monitoring
  • Log Analysis Reviews for unusual activities or unauthorised access

Incident Response

  • Update your incident response and disaster recovery plan to incorporate lessons learned

What else can I do?

Businesses need to strengthen their continuity strategies to deal not only with events like the CrowdStrike outage but also with the evolution of cyber threats. Continuous monitoring is key to limiting this threat. The cyber threat does not stand still and is continually evolving, meaning you must have an up-to-date defence in place.

  1. Threat detection: Make use of advanced threat detection systems to monitor potential breaches.
  2. Log analysis: Regularly review logs for signs of unauthorised access or unusual activities.
