On July 19, several organizations experienced delays due to a Microsoft and CrowdStrike outage that began the night before. Complications such as delayed flights continue to affect individuals worldwide days after the outage.
Security leaders have shared their thoughts about the outage and advice for other organizations to protect themselves.
Aleksandr Yampolskiy, CEO, SecurityScorecard
“When I used to work at Goldman Sachs, the policy was to get tools from multiple vendors. This way, if one firewall goes down by one vendor, you have another vendor who may be more resilient. Today’s global outage is a reminder of the fragility and systemic “nth-party” concentration risk of the technology that runs everyday life: airlines, banks, telecoms, stock exchanges and more.
An outage is just another form of a security incident. Antifragility in these situations comes from not putting all your eggs in one basket. You need to have diverse systems, know where your single points of failure are and proactively stress-test through tabletop exercises and simulations of outages. Consider the “chaos monkey” concept, where you deliberately break your systems — e.g., shut down your database or make your firewall malfunction to see how your computers react.
This disruption creates a fertile ground for exploitation, as attackers prey on the vulnerability of users seeking solutions. The timing of this event and how public it is happens to be exactly what attackers look for to craft targeted attacks. Threat actors may use social engineering tactics to disguise malware as legitimate restoration tools to gain unauthorized access to systems. Vigilance is paramount, as organizations must not only address the outage but also fortify defenses against opportunistic attacks that exploit the chaos.”
Mr. Narayana Pappu, CEO, Zendata
“The CrowdStrike outage highlights the risks associated with entrusting software updates to external partners or services, something unimaginable even five years ago, and the importance of understanding software supply chain risk.”
Nick France, Chief Technology Officer, Sectigo
“Modern technology is incredibly complex, perhaps even more so when you’re in a regulated industry like banking or healthcare. When you connect to the cloud you add further attack vectors — or potential vulnerabilities — for bad actors or innocent mistakes to blow up into global outages like we’re seeing today. Online banking becomes a key target for bad actors due to the value of data that can be stolen. That’s why the role of digital identities is so incredibly important for any business, but particularly the banking sector, to ensure only the right people have access to certain data.”
Alan Stephenson-Brown, CEO, Evolve
“This is a timely reminder that operational resilience should be at the forefront of the business agenda. Demonstrating that even large corporations aren’t immune to IT troubles, this outage highlights the importance of having distributed data centers and rerouting connectivity that ensures business can continue functioning when cloud infrastructure is disrupted. By prioritizing both contingency planning and preventative measures, IT systems can be protected. I urge business leaders to seriously appraise the systems they have in place to identify potential vulnerabilities before they find themselves the subject of the next IT outages headline.”
Ruban Phukan, First Data Scientist, Yahoo & Co-Founder, GoodGist
“In the software world, black swan failure events such as the CrowdStrike-Microsoft outage do occur. While the widespread impact of such situations cannot be understated, most people fail to see the tremendous pressure it puts on all companies that are thwarted into a customer support nightmare. In this case, it is not just CrowdStrike or Microsoft but also the many industries from software and travel to finance whose services went down with this outage. Everyone in such scenarios must not only identify the root cause and solve the problem rapidly but also handle an avalanche of customer queries and support tickets raised at an unprecedented rate, providing workaround solutions or mitigating misinformation-related side effects. This compounds into a significant human-scale problem.”
Kory Daniels, CISO, Trustwave
“The recent CrowdStrike outage underscores a growing concern: the potential for widespread disasters, either natural or digital, to serve as catalysts for criminal activity. When systems fail and chaos ensues, it creates ideal conditions for criminals to prey on the unique opportunity. History has shown us that these moments of disruption are often accompanied by a surge in criminal behavior. It’s essential to recognize that the digital landscape, like the physical world, is susceptible to unforeseen events, and we must be prepared to defend against criminal acts that may follow. To bolster readiness and resilience, organizations must prioritize robust incident response and recovery planning, encompassing scenarios that simulate the unavailability of critical systems and personnel. This requires comprehensive strategies addressing both natural disasters and cyberattacks. Regular testing and simulation exercises are essential to equip teams for effective crisis response. Fostering a culture of resilience can heighten overall organizational vigilance and preparedness.”
https://www.securitymagazine.com/articles/100872-security-leaders-share-thoughts-on-microsoft-crowdstrike-outage