CrowdStrike Outage: Comment and Reaction From the Software Sector

Some comment and reaction to the CrowdStrike online outage/attack:

CYBERCUBE
CyberCube’s Cyber Aggregation Event Response Service (CAERS) has been activated as a result of the CrowdStrike/Microsoft event. CAERS provides up-to-date intelligence on major cyber catastrophes worldwide as they unfold to ensure CyberCube clients have the most relevant information regarding significant aggregation events.
A spokesperson said:
“CyberCube has a formulated Aggregation Event Response plan, which has been activated as a result of the ongoing CrowdStrike/Microsoft event. This plan is designed to help our clients understand the implications for their business of a major cyber event. We are working through the response plan and will communicate with clients as we have relevant information.”
NETSCOUT
Eileen Haggerty, AVP product & solutions at NETSCOUT, comments on the chaos today’s outage has caused for enterprises and organisations across industries, as well as the importance of maintaining and securing networks to avoid similar outages in the future:
“The IT outage currently affecting a wide selection of organisations including airlines, media and banks appears to have been caused by a faulty software update. Hospitals and healthcare treatment providers have also been affected with several major hospitals cancelling non-urgent surgeries and others announcing they can still accept appointments but cannot currently connect to patient records, instead having to rely on paper records.
“Implementing system updates effectively requires carrying out preventive maintenance and routine upgrades to ensure services can operate at optimal efficiency. By carrying out maintenance checks and regular updates, organisations can mitigate the risk of unexpected downtime and, in turn, prevent fiscal and reputational losses. To avoid downtime resulting from system outages, as well as the chaos and performance disruption that accompanies it, organisations’ IT teams need complete end-to-end visibility into the threats against their network. This allows organisations to monitor networks and applications regardless of where they are hosted or where users access them.
“Additionally, to fully understand and secure an organisation’s network, IT teams should conduct proactive synthetic tests, ensuring application functionality and simulating real user traffic respectively. These tests help measure the quality of the user experience and get ahead of performance issues before users themselves encounter negative impacts.
“Looking ahead, as a way of learning from today’s global IT outage, organisations should use visibility tools for post-mortem, allowing them to build a detailed repository of information based on previous issues they have encountered, helping them to deal with future challenges more effectively and efficiently.”
BLACKBERRY CYBERSECURITY

Keiron Holyome, VP UK & Emerging Markets, BlackBerry Cybersecurity:

“Given this outage is impacting some of the most critical systems, networks and applications in the world, the response must be met with speed, accuracy, and accountability. Here, a critical event management (CEM) solution can provide real-time visibility to ensure a quick and informed response as the crisis evolves. It is too early to say the exact root cause, however, this is likely another example of legacy cybersecurity practices in play, with complex EDR and heavy endpoint agents a major infrastructure risk and unnecessarily complex. Using a lightweight AI on the endpoint can avoid these types of outages, as it protects your environment without heavy agents and regular updates that put your operations at risk.” 

“More broadly, today’s global IT outage serves as a stark reminder that the best defence is a good offence. Understanding your vulnerabilities and risks through regular testing is paramount, not only when deploying new software but consistently over time. To protect against potential threat actors who seek to take advantage of IT outages, a combination of AI-enabled internal and external penetration testing assessments remains vital. These reveal how an outside threat actor with authorised access, or one starting from within the internal network, could compromise assets through ever-evolving tactics, techniques and procedures. The performance and security of your systems is only as good as its least secure hardware and software components, so blind spots need to be addressed as a priority to keep companies operating as usual.”

INITFORTHE

Tom Simnett, founder and director of Manchester-based tech company ‘Initforthe’, said today:

“It is an unfortunate consequence of everyone relying on cloud-based platforms; when they go down, everyone is affected and it becomes hugely disruptive. Once upon a time, everyone had their own installations of apps and software and so the problem was limited only to one data centre or one office.

“In the time since I saw this this morning, I’ve had a message from my GP saying they can’t do anything, I can’t check my flights on Ryanair and countless other businesses are hugely affected. A reliance on single providers for everything (businesses that rely for instance on using the whole of Office 365 to run their business – SharePoint, Outlook etc) creates a single point of failure and whilst that in itself isn’t necessarily an issue, the risk is that such a big reliance on something that isn’t in your own control puts businesses in a high-risk environment unnecessarily.

“Contrast that with a bespoke system in a datacentre on a server, and the risk of someone else’s update affecting you is next to zero.”

SUPPLY WISDOM

Jenna Wells, Chief Customer & Product Officer at Supply Wisdom:

“The CrowdStrike crisis has shown us that proactively knowing your critical vendors, AND their critical vendors (3rd, 4th, N’th Parties, etc.) is crucial for ensuring the stability and resiliency of your business operations. By thoroughly understanding your entire vendor population and ecosystem, and its interdependencies, you can not only anticipate potential disruptions – you can quickly identify vendors affected by disruptions and not lose precious time doing discovery. This proactive approach of having your critical suppliers and their critical suppliers continuously monitored and tagged to each other allows for better risk management, as you can identify and mitigate vulnerabilities and disruptions within the supply chain before your competitors.

“This extended, continuous visibility into your supply chain can quickly mitigate issues as they arise, minimize delays, and allow for more effective contingency planning. Avoiding or minimizing such ICT disruptions is the reason why regulators globally have introduced Operational Resilience as well as why the EU has brought in the Digital Operational Resilience Act (DORA), aimed at increasing security and resilience measures for the financial sector. This is just one regulatory example of why you need full visibility and continuous monitoring of your entire supply chain, not just third parties.”

 

About Alastair Walker
20 years experience as a journalist and magazine editor. I'm your contact for press releases, events, news and commercial opportunities at Insurance-Edge.Net
