Strengthening Cyber Resilience: Lessons from the CrowdStrike Incident

Outage Emphasizes the Importance of Change and Release Management


AI Image: Crowdstrike Global Outage

We are sitting at the intersection of cybersecurity and artificial intelligence in the enterprise and there is much to know and do. Our goal is not just to keep you updated with the latest AI, cybersecurity and other crucial tech trends and breakthroughs that may matter to you, but also to feed your curiosity.

Thanks for being part of our fantastic community!

In this edition:

  • Did You Know - Service Disruptions and Change Management

  • Article Spotlight - Strengthening Cyber Resilience: Lessons from the CrowdStrike Incident

  • Artificial Intelligence News & Bytes

  • Cybersecurity News & Bytes

  • Valuable Information You Can Use - Crowdstrike Falcon Update Hub

  • AI Power Prompt

  • Social Media Images of the Week

Did You Know - Service Disruptions and Change Management

  • Did you know? Approximately 70% of organizational changes fail to achieve their intended outcomes. Effective change management significantly improves this success rate.

  • Did you know? The average cost of unplanned IT service disruptions is around $5,600 per minute. Proper change management helps prevent such costly incidents.

  • Did you know? 39% of employees resist organizational changes. Change management strategies focus on addressing this resistance through communication and engagement.

  • Did you know? Frequent changes can lead to “change fatigue.” Organizations need to strike a balance between innovation and stability to avoid overwhelming employees.

  • Did you know? 60% of security breaches occur due to misconfigured systems during changes. Change management ensures security protocols are followed.

  • Did you know? AI-driven tools can reduce change approval time by up to 50%, streamlining the process.

  • Did you know? Surprisingly, emergency changes have a higher success rate (around 80%) compared to standard changes. The urgency often leads to better execution.

  • Did you know? Organizations with mature change management practices experience 33% fewer failed changes.

Latest Article: Strengthening Cyber Resilience: Lessons from the CrowdStrike Incident

Global Outage

On July 19th, 2024, a faulty software update from CrowdStrike caused a massive global IT outage, impacting millions of devices and leading to significant disruptions across various sectors. Outages were experienced worldwide, reflecting the wide use of Microsoft Windows with CrowdStrike software by global corporations. An estimated 8.5 million devices were affected, highlighting the failure modes that even leading cybersecurity firms can face (Wikipedia). Interestingly, Apple Macs and Linux systems were not impacted, shedding light on the dangers of some configurations (Blackpoint Cyber) (DW).

This article will explore key lessons from the CrowdStrike outage, offering actionable insights for IT leaders and organizations to bolster their cybersecurity resilience, reduce vendor dependency, and improve change management processes to avoid similar outages in the future.

Understanding the CrowdStrike Outage

Overview of the Incident

The CrowdStrike outage started early on July 19th, 2024, with a faulty content update. At 7:15 AM UTC, Google mentioned that a CrowdStrike update was the issue. Shortly after, CrowdStrike CEO George Kurtz acknowledged that a flawed kernel configuration file update from CrowdStrike had led to the issue. By 9:45 AM UTC, Kurtz assured that a fix was available and clarified that the outages were not the result of a cyberattack. Unfortunately, by this time the update was causing a global disruption, affecting critical sectors such as airlines, banks, and healthcare providers. Notably, Southwest Airlines avoided the issue as they were still operating on older Windows 3.1 systems (Wikipedia) (Blackpoint Cyber).

Affected clients spanned various industries, emphasizing the widespread impact of the outage. For instance, flights in the United States were cancelled by most major airlines, including American and Delta; Eurowings grounded flights in Germany and the UK; and Tegut, a German supermarket chain, had to close over 300 stores due to non-functional checkout systems (DW).

Importance of the Outage in Context

The CrowdStrike incident highlights the fragility of modern IT infrastructures, reminiscent of the SolarWinds breach, which similarly exposed systemic issues and vulnerabilities. Cybersecurity consultant Jake Williams emphasized that the incident has shown the unsustainability of pushing updates without proper IT intervention, calling for more robust change management practices (Wikipedia) (Blackpoint Cyber).

Industry experts like Gregory Falco and Ciaran Martin echoed these sentiments, stressing the need for increased redundancy and diversification in cybersecurity practices to avoid such widespread failures (Wikipedia).

Key Lessons Learned from the Outage

Vendor Diversification

The CrowdStrike outage illustrates the risks of over-reliance on a single cybersecurity vendor. Financial institutions often mitigate such risks through vendor diversification. Effective strategies for diversification include conducting regular vendor assessments, integrating multiple security solutions, and fostering partnerships with a variety of providers to ensure comprehensive coverage (Blackpoint Cyber).

Change Management

Robust change management is critical to preventing outages caused by software updates. The CrowdStrike incident revealed significant lapses in patch management, highlighting the dangers of automatic updates that bypass thorough testing. Studies have shown that organizations without stringent change and release management processes are more prone to outages and operational disruptions (Wikipedia) (Blackpoint Cyber).

Importance of Redundancy

Redundancy is a cornerstone of resilient cybersecurity systems. The CrowdStrike incident underscored the dangers of relying on a single cybersecurity provider, which can become a single point of failure. Organizations should implement diversified hosting environments and multi-cloud strategies to ensure that failures in one component do not cripple the entire system (Blackpoint Cyber).

Employee Training and Culture of Security

A culture of continuous training and testing significantly enhances availability and organizational resilience. Companies that invest in regular security awareness programs, testing, and simulations are better prepared to handle outages and incidents.

Time to Take Action

The CrowdStrike incident offers invaluable lessons on the importance of vendor diversification, change management, redundancy, and a strong culture of security. As the cybersecurity landscape continues to evolve, organizations must adapt their strategies and processes to stay resilient, and remember that cyber threats are not the only thing that can cause outages.

IT leaders are encouraged to conduct self-assessments of their current cybersecurity vendors, practices and processes, and to implement the proper oversight for their organizations. By doing so, you can better navigate the complexities of the cybersecurity environment and protect your organization from future disruptions.

If you enjoyed this article, please share this newsletter with others. Thank you.

Artificial intelligence News & Bytes 🧠

Cybersecurity News & Bytes 🛡️

If you are not subscribed and are looking for more on cybersecurity, take a look at previous editions of the Cybervizer Newsletter, as it is loaded with cybersecurity and AI info, tips, prompts, and reviews.

Valuable Information You Can Use

- How Tos:

Here is a list of relevant how-tos, so that you get even more of the value you deserve from this newsletter.

- Manufacturer and Analysts Reports & Posts

I travel and meet with hundreds of C-level leaders from private and public organizations each year, advising and sharing as requested. In doing so, I get asked all the time by CIOs and CISOs where they can find listings or reports to read and learn more about a certain cyber or AI topic. So, here are some FREE, highly credible reports that unveil some useful and timely information. Unfortunately, you might need to fill out a short form to gain access, but I have reviewed all of these. This list will continue to grow each week. Please let me know if you have some you would like to share with our community.

Cybersecurity Check: See How You Stack Up

Ever wonder how your cybersecurity measures stack up against your peers?

With Critical Start's Quick Start Risk Assessments, you're just 15 questions away from discovering how your organization’s security compares with industry standards.

It's a quick, free way to find your strengths and get actionable steps to improve your defenses, so you can set yourself apart as a cybersecurity leader.

Why wait? Take the assessment and up your security game in minutes!

Best for: Organizations with 500+ employees.

AI Power Prompt

Create a curated list of cybersecurity articles for a given topic and audience: It can be difficult to find fact-checked and cited information on the web. The following prompt can assist you in compiling a list of the most relevant, well-researched, fact-checked, and referenced content on a given topic.

#CONTEXT:

Adopt the role of an expert cybersecurity curator. Your task is to research, analyze, and compile a list of the most relevant and cited content on the specified topic within the cybersecurity field. The content you provide should be meticulously researched, thoroughly fact-checked, and referenced appropriately to ensure accuracy and credibility.

#GOAL:

You will create a curated list of high-quality, authoritative content on the given topic that serves as a reliable resource for cybersecurity professionals and enthusiasts. This list should help them stay updated with the latest trends, research, and best practices in the field.

#RESPONSE GUIDELINES:

Follow the step-by-step approach below to create the curated list:

Identify Key Sources:

Research authoritative sources in cybersecurity, including academic journals, industry reports, white papers, blogs by cybersecurity experts, and reputable news outlets.

Focus on sources known for their reliability, such as IEEE, ACM, SANS Institute, NIST, and top cybersecurity blogs.

Select Relevant Content:

Choose content that is highly relevant to the specified topic. This includes recent publications, groundbreaking research, widely cited papers, and insightful articles.

Ensure the content covers various aspects of the topic, such as theoretical foundations, practical applications, emerging trends, case studies, and expert opinions.

Evaluate Credibility:

Assess the credibility of each piece of content by checking the author's credentials, the publication's reputation, and the number of citations or references.

Discard any content that lacks proper citations, is outdated, or is published by questionable sources.

Organize the Content:

Categorize the selected content into meaningful sections for easy navigation. For example, sections could include "Academic Research," "Industry Reports," "Practical Guides," and "Expert Opinions."

Provide a brief summary for each piece of content, highlighting its key points and relevance to the topic.

Compile the List:

Create a comprehensive list that includes the title, author, publication date, source, and a brief summary for each selected piece of content.

Ensure the list is well-structured, easy to read, and includes all necessary references.

Review and Finalize:

Thoroughly review the curated list to ensure all content is relevant, credible, and accurately summarized.

Make any necessary revisions to improve clarity, readability, and accuracy.

#INFORMATION ABOUT ME:

Topic: [TOPIC]

My role: [CYBERSECURITY CURATOR]

Target audience: [CYBERSECURITY PROFESSIONALS AND ENTHUSIASTS]

Key sources to consider: [KEY SOURCES]

Content preferences: [CONTENT PREFERENCES]

#OUTPUT:

The output should be a structured, annotated list of the most relevant and cited content on the specified topic within the cybersecurity field. Each entry should include the title, author, publication date, source, and a brief summary. The list should be formatted clearly and include proper references for all cited content.

Social Media Image of the Week

Questions, Suggestions & Sponsorships? Please email: [email protected]

Way to go for sticking with us till the end of the newsletter! Your support means the world to me!

Also, you can follow me on Twitter(X) @mclynd for more cybersecurity and AI.

Thank you!

If you do not wish to receive this newsletter anymore, you can unsubscribe below. Sorry to see you go, we will miss you!