Post-CrowdStrike Outage: Key Measures for Tech and Security Leaders

The CrowdStrike IT outage quickly became a notable event in technology history, and July 19, 2024, was marked as a day that would be remembered for years, both by IT professionals and the general public. As technology leaders and professionals worked tirelessly to restore confidence among stakeholders and the public, cybercriminals seized the opportunity by launching phishing scams, setting up fake support phone numbers, and creating websites that offered fraudulent remediation files, claiming to help restore operations.

The Register, a popular online technology news and opinion website that companies used to skip security reviews of major app updates about half the time. In response to CrowdStrike disruption, this trend is expected to change. The primary focus for long-term strategy is to shift towards reducing the risk of such widespread business impact or exposure in the future, ensuring that an event like the CrowdStrike outage would not have such far-reaching consequences again. The first priority should be to conduct a thorough post-mortem of the incident. This involves gathering all relevant data, engaging stakeholders, and performing a detailed root cause analysis. By understanding whether the outage was caused by a technical failure, human error, or an external factor, organizations can document the findings and develop strategies to prevent similar incidents in the future.

Enhance Incident Response Plan

Following the analysis, leaders should focus on enhancing their incident response plans. Lessons learned from the outage should be integrated into updated procedures to improve detection, communication, and recovery processes. Additionally, it is vital to conduct tabletop exercises and simulations to ensure that the security team is fully prepared to handle similar situations. Regular training sessions should be held to familiarize all relevant personnel with any new processes or tools that have been introduced.

Strengthen Monitoring and Detection

Strengthening monitoring and detection capabilities is another crucial step. Organizations should enhance their monitoring systems to identify anomalies or potential issues earlier, thereby reducing response times. The integration of automation tools can further streamline detection and response processes, minimizing the risk of human error and ensuring a faster, more efficient response to incidents.

Evaluate and Diversify Security Tools

It’s also important to reevaluate and diversify the security tools currently in use. By assessing the effectiveness of existing tools and identifying any single points of failure, organizations can determine whether alternatives or redundancies are necessary. Where feasible, avoiding an over-reliance on a single vendor for critical security functions can help mitigate the risk of a similar outage affecting the entire security infrastructure.

Communicate with Stakeholders

Effective communication with both internal and external stakeholders is essential in the aftermath of an incident. Internally, transparency about what happened, the steps taken to resolve the issue, and future preventive measures will help build trust and prepare teams for potential questions from clients or customers. Externally, clear and timely updates should be provided to customers or partners if they were impacted by the outage, outlining the incident, the resolution, and the steps being taken to prevent future occurrences.

Review SLAs and Vendor Contracts

Reviewing Service Level Agreements (SLAs) and vendor contracts is also a necessary action. Leaders should examine the SLAs with CrowdStrike and other critical vendors to ensure they meet organizational requirements for uptime and support. If the SLA was breached during the outage, renegotiating terms to include better guarantees or compensation for future incidents should be considered.

Conduct a Risk Assessment

In addition, improving business continuity planning is essential to ensure that future incidents do not cause significant operational disruptions. This may involve enhancing redundancy for critical security tools or verifying that backup and recovery processes are robust enough to handle unexpected outages. A comprehensive risk assessment should be conducted to identify any vulnerabilities exposed by the outage, and appropriate mitigation strategies should be developed and implemented.

Regulatory Compliance Review

Finally, ensuring regulatory compliance in the wake of the outage is crucial. Organizations should review any regulatory requirements related to security incidents and take steps to remain compliant, including reporting the incident to regulators if necessary. Preparing for possible audits by ensuring that all incident-related documentation is accurate and complete is also advisable.

By taking these steps, tech and security leaders can not only recover from the outages of bigger magnitude but also strengthen their overall security posture, making their organizations more resilient to future incidents. This proactive approach will help safeguard the organization against potential disruptions and enhance its ability to respond to unforeseen challenges.

Talk to our experts to learn more.