Wednesday, July 31, 2024

CrowdStrike was disruptive, but how prepared were businesses in the first place?


By Dr. Tim Sandle
DIGITAL JOURNAL
July 29, 2024

A flawed update sent out by the little-known security firm CrowdStrike brought airlines, TV stations, and myriad other aspects of daily life to a standstill - Copyright AFP Raul ARBOLEDA

The silicon dust is beginning to settle on the CrowdStrike outage (described as the largest IT outage in history – one that will cost Fortune 500 companies in the U.S. alone more than $5 billion in direct losses), yet there remains a considerable amount to debate and to puzzle over.

The incident related to a software update that caused a widespread outage to Microsoft systems, resulting in grounded flights and disruptions to other major industries.

To gain different perspectives, Digital Journal reached out to three leading cybersecurity experts to garner a new take on the situation.

Vendors are still suffering impacts

First up is Jake Williams: former NSA hacker, Faculty at IANS Research, a Boston-based cybersecurity research and advisory firm, and VP of R&D at Hunter Strategy.

Williams begins buy assessing the shockwave: “Vendor management teams should take inventory of which of their vendors are still suffering impacts from the CrowdStrike event. This will be important for future Business Continuity Plan (BCP) planning. If an organization can’t recover quickly from a relatively simple fix like this, they will fare far worse if hit with ransomware.”

This leads to Williams’ substantive point – the need for businesses to be ready for any eventuality: “One of the most important things you can do for your security program this week is to proactively discuss security controls with your stakeholders. Acknowledge that automatic content (signature) updates pose a risk, but delaying those updates is an even greater risk.”

Williams advises: “Talk candidly about vulnerability management and how this plays into the equation. Most importantly, don’t wait for stakeholders to come to you; when they do, they’ll likely have already taken a position, often an uneducated one. By being proactive, you get to control the narrative. As my vet says, it’s far easier to prevent heartworms than to treat them.”

The second commentator is Scott Kannry: Co-founder and CEO of Axio, a SaaS provider of cyber risk management and quantification solutions.

The failure of key technological dependencies impedes businesses

Kannry focuses on the ‘here and now’, of how firms should rise to the challenge: “The critical focus for companies needs to shift to impact minimization. As Board Members and CEOs query their CISOs and Chief Risk Officers, it’s clear that while high-calibre companies like CrowdStrike can suffer such events, the key lies in preparedness. Organizations must thoroughly understand how the failure of key technological dependencies can impede their business and actively work on minimizing such impacts.”

What does tis entail? “This process, grounded in enterprise risk management, involves identifying core products and services, understanding the technologies and processes that enable them, and assessing the resiliency against potential failures. Ultimately, it’s a cost-benefit analysis of risk and resilience that aligns financial and security perspectives, ensuring companies are better prepared for future disruptions. Given the inevitable recurrence of such events, focusing on impact minimization is essential to safeguarding business operations and mitigating significant damage.”


The need to adopt best-of-breed solutions

Third is Pranava Adduri, former founding engineer at Rubrik and CTO and co-founder of Bedrock Security, a data security company.

Adduri ponders over the weaknesses that have made more firms vulnerable to such events: “Security platform consolidation has primarily been driven by the goals of reducing costs and management overhead. Over time, the industry has shifted from best-of-breed solutions to all-in-one, consolidated platforms. When evaluating a platform, it is crucial to recognize that you are investing not only in technology but also in the engineering quality of the team behind it.”

On the subject of drift, Adduri notes: “The further a platform diverges from its core competency, whether it’s EDR or NextGen Firewall, the lower the engineering quality potentially becomes. Last week’s outage revealed significant gaps in the engineering quality of a core EDR product line. Customers utilizing the broader platform offerings (cloud, data, etc) of such vendors need to consider the correlated risk they assume when purchasing secondary product lines. This underscores the need to continue to adopt best-of-breed solutions, which ensure specialized focus and higher engineering standards for that domain.”

No comments:

Post a Comment