CrowdStrike has recently released its preliminary Post Incident Report (PIR) that addresses the massive IT systems outage on July 19, 2024, when an estimated 8.5 million computers across the world started displaying the infamous “blue screen of death” (BSOD). In their words, due to a bug in the Content Validator, one of the two Template Instances passed validation despite containing problematic content data. When received by the CrowdStrike sensors and loaded into their Content Interpreter, the problematic content resulted in an out-of-bounds memory read, triggering an exception. This unexpected exception could not be gracefully handled by Windows computers, resulting in a BSOD.
What began as a software update turned into a tech glitch that caused chaos across sectors, especially airports, businesses, and broadcasters, with aviation bearing the brunt of inaccessible systems.
A black swan event is a metaphor that describes an event that comes as a surprise, has a significant effect, and is often inappropriately rationalized after the fact with the benefit of hindsight. This event was a digital black swan. Unforeseen and unpredictable, this event has led to severe consequences. As is usually true with Black Swan events, like the tsunami affecting the nuclear plants in Japan or the terrorist attacks now famously referred to as 9/11, no amount of business continuity planning would be enough to withstand the effects. And like all Black Swans, as CrowdStrike and Microsoft are under regulatory scrutiny, most people trying to explain this event are making it seem predictable in retrospect.
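As an added example (constructed here, not code from CrowdStrike or the PIR; the content layout and the field-count rule are assumptions), a C model of the failure chain just described: a validator that lets a malformed template instance through, the interpreter read that then goes out of bounds, and a hardened interpreter that re-checks bounds itself and fails closed instead of crashing the host.

```c
#include <stdio.h>
#include <stdint.h>

/* Constructed content layout (an assumption, not CrowdStrike's real channel
 * file format): word 0 is the field count, words 1.. are the fields; the
 * interpreter's parameter table holds at most MAX_FIELDS entries. */
#define MAX_FIELDS 20
/* Defective validator, modelling the Content Validator bug: it checks the
 * fields that are present but clamps to the payload instead of rejecting a
 * count larger than the payload, so a truncated instance still passes. */
int validate_content(const uint32_t *blob, size_t nwords)
{
    if (nwords == 0) return 0;
    for (size_t i = 1; i <= blob[0] && i < nwords; i++)
        if (blob[i] == 0) return 0;        /* a zero field is "invalid" */
    return 1;                              /* BUG: count never bounds-checked */
}
/* Interpreter that trusts the validator: a count of 6 with 3 fields present
 * reads past the payload, the out-of-bounds read class behind the BSOD.
 * Kept only for contrast; never run it on content the validator let through. */
uint32_t interpret_unchecked(const uint32_t *blob)
{
    uint32_t sum = 0;
    for (uint32_t i = 1; i <= blob[0]; i++) sum += blob[i];   /* OOB read */
    return sum;
}
/* Hardened interpreter: re-checks bounds itself rather than trusting upstream
 * validation, and fails closed (skip and log) instead of faulting the host.
 * Returns 0 and stores the result on success, -1 on a malformed instance. */
int interpret_checked(const uint32_t *blob, size_t nwords, uint32_t *sum_out)
{
    if (nwords == 0 || blob[0] > MAX_FIELDS || (size_t)blob[0] > nwords - 1) {
        fprintf(stderr, "skipping malformed content instance\n");  /* fail closed */
        return -1;
    }
    uint32_t sum = 0;
    for (uint32_t i = 1; i <= blob[0]; i++) sum += blob[i];
    *sum_out = sum;
    return 0;
}
int main(void)
{
    const uint32_t good[] = {3, 10, 20, 30}, bad[] = {6, 10, 20, 30}; /* constructed */
    uint32_t sum = 0;
    int rc = interpret_checked(good, 4, &sum);
    printf("validator accepts bad: %d; good rc=%d sum=%u; bad rc=%d\n",
           validate_content(bad, 4), rc, (unsigned)sum, interpret_checked(bad, 4, &sum));
    return 0;
}
```

The point for defenders is the second check: a consumer of pushed content should bound its own reads and degrade gracefully, so a defect upstream becomes a skipped update rather than an outage.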
While this was not a cyberattack, reports of phishing emails, fake websites, and impersonation scams have surged in the past few days, with bad actors seeking to capitalize on the confusion. The first indicator was the emergence of multiple phishing domains that came up in just four hours.
A whole criminal enterprise out there is waiting to scam money out of people whose computers were affected, and I wouldn’t be surprised if fake calls skyrocket and gullible people lose money or allow another cyberattack.
Microsoft has released a new tool to address this issue, and CrowdStrike took immediate measures to address the glitch. However, the path forward demands more than quick fixes. Industry leaders are now concerned that people might turn off automatic updates following this debacle.
Actually, that would be another disaster in the making, because more costly disasters can happen when software is not properly updated. Let us look in the mirror. If your organization can validate every upgrade promptly, you’re among the elite few. For everyone else, automatic updates remain crucial despite this disaster, and history shows unpatched systems have caused far greater harm. It is apparent that the testing capabilities will be questioned (did CrowdStrike use a canary/staged deployment?), Microsoft’s blue screen of death will be questioned (why have the BSOD at all?), and it will be questioned globally. Many are of the view that there is a need to balance speed against security posture every time a security update is essential.
The most significant learning from this event is that enterprises planning to go digital can only do so by investing in digital resilience. The industry has now realized that resilience must be associated with the ability to thrive amidst digital disruptions. Risk experts and leaders have consistently asserted that the mitigation of Black Swans is beyond the scope of business continuity planning and cyber crisis management.
Similar to the pandemic insurance taken out by Wimbledon, only a very few organizations have done something about risks that are extremely rare and catastrophic and have invested in insurance policies that cover IT unavailability, but even they will have to deal with other impacts that may spill over to customers and communities. This could very well turn out to be the opportunity for insurance vendors to step in and insure against digital disruptions.
In the financial industry, concentration risk is the potential for a loss in the value of an investment portfolio or financial institution when a group of exposures moves together in an unfavorable direction. This loss can be so significant that recovery is unlikely. Many technology and business leaders are reconsidering the concentration of technology for critical systems.
Will regulations and boards determine the concentration of technology to be a risk and attempt to address it? It is not easy. Regulations like DORA will probably attempt to bring in conditions that force enterprises to assess their digital postures for similar risks. Both Microsoft and CrowdStrike have been asked to explain their positions.
Notably, the recent update left Apple systems unaffected. Was this because Apple’s operating system is more intricately linked with its hardware and software? Did the “walled garden” offer substantial advantages in addressing external software issues? Would the oversight committees ask Microsoft to follow the Apple model? It remains to be seen.
But it is a difficult choice for boards. Is there a way to disinvest in specific technologies to even out the impact of something similar? In this case, both Microsoft and CrowdStrike, leaders in their fields, have been adopted by businesses across the world because of their significant contributions to the effective use of modern digital technology.
CrowdStrike’s calling card used to be low noise, something that every CISO loved. They update systems and, unlike earlier technologies, you got used to the fact that the update actually happened quietly. This incident has hurt their reputation for reliability. In their PIR they have promised to remediate through Software Resiliency and Testing and Rapid Response Content Deployment. We will know more when CrowdStrike completes its investigation and publicly releases the full Root Cause Analysis.
The elephant in the room is the impact on Breach Readiness. The CrowdStrike patch was to handle some deficiencies or vulnerabilities or weaknesses that could be exploited. With the rollback, we remain vulnerable. And with enterprises focusing on recovery, they would be sitting ducks if someone with the requisite knowledge were to attempt infiltration.
While enterprises focus on recovery, would they recover to the earlier level of Breach Readiness post-recovery? If the past is any indication, recovered systems may not be at the same level. At the time of writing, Delta Air Lines is under investigation by the U.S. Department of Transportation’s Office of Aviation Consumer Protection as the airline scraps hundreds of flights for a fifth straight day.
I feel that today is when you should invest in breach-ready microsegmentation, if you have not done it yet. It is the strategy that provides breach readiness by dividing your IT environment into distinct security segments, making it harder for attackers to move laterally within the network. Investing in breach-ready segmentation right after a black swan event like the CrowdStrike and Microsoft incident ensures that your business remains secure even when vulnerabilities arise.
The key in preventing breaches is in the amount of effort one puts into readiness.
To know more about breach ready microsegmentation, feel free to reach out to us.