Microsoft CrowdStrike outage

Why the CrowdStrike Incident is NOT Solely CrowdStrike’s Fault


In the past week, the cybersecurity community has been abuzz with news of an incident involving CrowdStrike, a leading name in endpoint security. While the initial reaction often points fingers at the security provider, it’s crucial to understand that the responsibility is not entirely theirs. The intricacies of incidents related to updates are multifaceted, and a closer examination reveals that other factors contribute significantly to such outages.

Understanding the Incident 

The incident in question involved a bug in the CrowdStrike update package that caused Windows systems to display the “Blue Screen of Death”. It’s important to recognize that when organizations choose to install third-party products, they inherently accept certain risks. This is not an indictment of the third-party vendors themselves, but a reflection of the complexities involved in managing an interconnected digital environment.

The Role of Third-Party Products 

Third-party products are essential for enhancing functionality and efficiency within an organization’s IT infrastructure. However, they also introduce potential issues if not implemented and managed strategically. When these products are integrated into critical systems without thorough vetting and risk assessments, they can themselves become a bigger risk. This highlights the importance of rigorous vendor management and security practices.

Vendor Management and Security Practices 

Organizations must adopt robust vendor management practices to mitigate risks associated with third-party products. This includes: 

  • Regular Security Assessments: Conducting comprehensive security assessments of third-party products before and after deployment. 
  • Continuous Monitoring: Implementing continuous monitoring to detect and respond to vulnerabilities in real time.
  • Vendor Risk Management: Establishing a vendor risk management framework that evaluates the security posture of third-party vendors and their products. 

By implementing these practices, organizations can significantly reduce the risk of third-party vulnerabilities affecting their critical systems. 

Updating Critical Systems: A Strategic Approach 

One critical aspect of the recent incident was the sequence in which system updates were applied. The practice of updating critical systems first can expose these systems to vulnerabilities if the updates are not thoroughly tested. A strategic approach to system updates is essential to prevent such scenarios. 

  1. Update Less Critical Systems First: Start with low-risk, less critical systems. This allows organizations to identify any potential issues with updates in a controlled environment, minimizing the impact on critical operations.
  2. Staggered Rollout: Implement updates in phases, allowing for monitoring and assessment after each phase. This approach ensures that any issues can be addressed before they affect critical systems.
  3. Thorough Testing: Conduct extensive testing of updates in a controlled environment that mimics the production environment. This helps identify potential conflicts or bugs that could arise from the updates.
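
The three steps above can be expressed as a ring-based rollout gate. The following is an added example, not code from this post or from any vendor: the host names, the 0 to 3 criticality scale, the 5% failure threshold and the apply_update / is_healthy hooks are all assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import groupby

@dataclass(frozen=True)
class Host:
    name: str
    criticality: int  # constructed scale: 0 = test lab ... 3 = business-critical

def plan_rings(hosts):
    """Group hosts into rings, least critical tier first."""
    ordered = sorted(hosts, key=lambda h: (h.criticality, h.name))
    return [list(g) for _, g in groupby(ordered, key=lambda h: h.criticality)]

def staged_rollout(hosts, apply_update, is_healthy, max_failure_rate=0.05):
    """Update ring by ring; halt before the next ring if too many hosts fail.
    apply_update and is_healthy are hypothetical caller-supplied hooks."""
    report = {"updated": [], "failed": [], "skipped": [], "halted_at_ring": None}
    rings = plan_rings(hosts)
    for index, ring in enumerate(rings):
        for host in ring:
            apply_update(host)
        # Monitoring step between phases: check the whole ring before moving on.
        bad = [h.name for h in ring if not is_healthy(h)]
        report["failed"] += bad
        report["updated"] += [h.name for h in ring if h.name not in bad]
        if len(bad) / len(ring) > max_failure_rate:
            report["halted_at_ring"] = index
            # Later, more critical rings stay on the previous version.
            report["skipped"] = [h.name for r in rings[index + 1:] for h in r]
            break
    return report

# Constructed inventory for the demonstration.
FLEET = [
    Host("db-prod-01", 3), Host("pos-store-17", 3), Host("hr-laptop-04", 1),
    Host("lab-vm-01", 0), Host("lab-vm-02", 0), Host("build-agent-02", 2),
]

def simulate(bad_update):
    """Roll out to FLEET; a bad update crashes every host it touches."""
    crashed = set()
    def apply_update(host):
        if bad_update:
            crashed.add(host.name)
    return staged_rollout(FLEET, apply_update, lambda h: h.name not in crashed)

if __name__ == "__main__":
    print(simulate(bad_update=True))
```

With a faulty update, the rollout stops at the lab ring and the more critical tiers are reported as skipped rather than crashed.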

Shared Responsibility in Cybersecurity 

The CrowdStrike incident illustrates the principle of shared responsibility in cybersecurity. While security providers like CrowdStrike play a vital role in protecting endpoints, organizations must also take proactive measures to secure their environments and not solely depend on tools. This includes:

  • Robust Internal Security Policies: Establishing and enforcing stringent security policies within the organization. 
  • Employee Training: Ensuring employees are trained in cybersecurity best practices to prevent human errors that could lead to breaches. 
  • Incident Response Planning: Developing and regularly updating incident response plans to quickly and effectively address security incidents. 
  • Managed Security Service Providers (MSSP): MSSPs are a step above product vendors. MSSPs like Sennovate provide the tools, expertise, and strategic support your business needs to ensure resilience. 

Conclusion 

Blaming CrowdStrike solely for the recent incident oversimplifies the complexities of modern cybersecurity threats. The reality is that securing an organization’s digital environment requires a collaborative effort between security providers and the organizations themselves. By adopting robust vendor management practices, strategically updating systems, and fostering a culture of risk assessment, organizations can better protect themselves against similar incidents in the future.

In the end, the incident serves as a reminder that cybersecurity is a dynamic and shared responsibility. It is through collective vigilance and proactive measures that we can build a more secure world. 

Listen to our podcast episode with our CTO, Arun Kumar Krishna, to discover more details on what really happened!
