While unintentional in nature, the recent CrowdStrike outage caused disruptions that reverberated throughout the global IT community. And while CrowdStrike and Microsoft were immediately hard at work to rectify an estimated 8.5 million computers affected worldwide, guess who’s hard at play taking advantage of the situation? Cybercriminals and their phishing schemes. Now is the time for IT and cybersecurity professionals in every company to work with their organizations to help them understand the implications of the outage, and the importance of prioritizing resiliency plans to help prevent something similar occurring again in the future.

The Vital Role of IT and Cybersecurity Professionals and Essential Discussion Points

In the aftermath of the CrowdStrike outage, you have a critical role to play as an IT or cybersecurity professional. You can offer your organization much-needed guidance on navigating this type of crisis in two ways: 1) helping them comprehend the situation, and 2) advising them on how to strengthen their defenses so a similar disaster does not impact them in the future. (Remember, a company of any size is vulnerable to modern cyber threats.)

1) Understanding the Outage

IT and cybersecurity professionals should explain the cause of the CrowdStrike outage and its impact in sufficient detail. This will help their company grasp the severity of the situation and the need for any immediate action.

It is important to note that the CrowdStrike/Microsoft outage was NOT a cyberattack. The incident began with a software update. As part of its ongoing threat protection, CrowdStrike regularly updates its sensor with the latest threat data. In this instance, the update violated a protected memory address within the Microsoft Windows environment, causing the operating system to encounter a critical error, resulting in the ubiquitous “blue screen of death” where an affected device is unable to recover on its own. The workaround to the issue involved a very manual process, requiring users to log in to each machine under “safe mode” and remove the registry key that contains the faulty code.

This event shows just how interconnected the technology products in our ecosystem are: a single failure can have a devastating impact on an entire infrastructure. While both CrowdStrike and Microsoft worked diligently to assist in recovery efforts, we all need to be aware of the potential for secondary attacks by cybercriminals who use information gathered through phishing.

2) Learning from the Incident: How to Outsmart the Bad Guys

Within hours of the incident on July 19, 2024, CrowdStrike warned of malicious activity trying to exploit the outage. One primary method cybercriminals were using was to send phishing emails purportedly from CrowdStrike (or Microsoft) using “spoofed” addresses (e.g., somebody@crowdstrikeoutage.com), either with malicious attachments or simply to gather information for a later compromise. CrowdStrike and Microsoft worked around the clock to provide guidance as well as tools to assist with recovery.

IT and cybersecurity staff should guide their organization on how to avoid falling for such tactics: for example, not opening emails from unofficial addresses posing as CrowdStrike support, and questioning any phone calls from people claiming to be CrowdStrike staff, who are likely impersonators.
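The guidance above (treat mail from unofficial addresses posing as the vendor as suspect) can be turned into a simple triage check. The following is an added example, not code from the original post or from CrowdStrike or Microsoft: it parses the From: header of each message, compares the sender domain against a list of official vendor domains, and flags lookalike domains (such as the crowdstrikeoutage.com pattern mentioned above) and display names that invoke a vendor while the address does not. The official-domain list and the sample headers are constructed for illustration and must be replaced with your organization's verified data.

```python
"""Classify From: headers by whether they really come from a vendor's
official domain.  Added example: the OFFICIAL_DOMAINS list and the sample
headers below are constructed for illustration."""
from email.utils import parseaddr

# Assumption: these are the only domains each vendor sends support mail from.
# Verify and extend this list from the vendor's own published guidance.
OFFICIAL_DOMAINS = {
    "crowdstrike": {"crowdstrike.com"},
    "microsoft": {"microsoft.com"},
}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain part of the address in a From: header,
    or '' when the header carries no usable address."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_official(domain: str, brand: str) -> bool:
    """True when domain is one of the brand's official domains or a subdomain
    of one (mail.crowdstrike.com counts; crowdstrike.com.evil.example does not)."""
    return any(domain == d or domain.endswith("." + d)
               for d in OFFICIAL_DOMAINS[brand])


def classify_sender(from_header: str) -> str:
    """Return one of:
      'official'            address is on a vendor's official domain and the
                            display name does not invoke a different vendor
      'lookalike'           domain mentions a vendor brand but is not official
      'display-name-spoof'  display name invokes a vendor the domain is not
                            official for
      'unrelated'           no vendor brand appears in name or domain
    """
    name, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    name_brands = {b for b in OFFICIAL_DOMAINS if b in name.lower()}
    official_for = {b for b in OFFICIAL_DOMAINS if is_official(domain, b)}

    if official_for:
        # Genuine vendor domain, but the display name claims another vendor.
        if name_brands and not (name_brands & official_for):
            return "display-name-spoof"
        return "official"
    if any(b in domain for b in OFFICIAL_DOMAINS):
        return "lookalike"
    if name_brands:
        return "display-name-spoof"
    return "unrelated"


def triage(headers):
    """Group a batch of From: headers by classification for review."""
    report = {}
    for header in headers:
        report.setdefault(classify_sender(header), []).append(header)
    return report


# Constructed sample headers (not real messages).
SAMPLE_HEADERS = [
    "CrowdStrike Support <support@crowdstrike.com>",
    "CrowdStrike Alerts <alerts@mail.crowdstrike.com>",
    "CrowdStrike Recovery Team <help@crowdstrikeoutage.com>",
    "Microsoft Help Desk <it-helpdesk@example.net>",
    "CrowdStrike Support <noreply@microsoft.com>",
    "Jane Doe <jane@example.org>",
]

if __name__ == "__main__":
    for verdict, items in sorted(triage(SAMPLE_HEADERS).items()):
        print(f"{verdict}:")
        for item in items:
            print(f"  {item}")
```

The check is deliberately conservative: it only trusts exact official domains and their subdomains, so a domain that merely contains the brand string is reported as a lookalike. It does not catch homoglyph or typo domains (a brand spelled with a digit, for instance), which need a fuzzy comparison, and a From: header alone says nothing about whether the message passed SPF, DKIM and DMARC checks; treat the result as a triage signal for the mail gateway or the helpdesk, not as a final verdict.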

Additionally, this unfortunate incident opens up the conversation for developing (or revisiting) a robust cybersecurity prevention and recovery plan. With access to a breadth of cybersecurity providers, solution architects, and managed services, we can help your company with your entire strategy – from organization-wide cyber training, to IT outage response plans, to infrastructure automation for disaster recovery, to third-party risk management programs. Simply tell us what you need at FreedomFire Communications and we’ll make it happen.

Our colleague Koby Phillips reminds us:

“This high-impact event emphasizes the urgency to keep resiliency plans current, communicated, and understood within the organization to avoid the types of customer disruptions experienced since July 19. Like other industry disruptions this year, this event creates conversation opportunities for technology professionals to have with their company about how to best prepare their organization for these inevitabilities.”

– Koby Phillips, VP of Advanced Solutions – Cloud, Telarus

Final Thoughts

While the CrowdStrike outage presents significant challenges, it also offers a reason for immediate outreach to your entire organization (especially senior leadership) while demonstrating further value to them. By offering expert guidance and leveraging essential discussion points, you can assist your organization in navigating this crisis, preventing future similar incidents, and emerging stronger and more resilient.

In the spirit of resilience, it is crucial to ask yourself and your colleagues: “Which components or upstream vendors in our environment are we dependent on? Are we considering resiliency around those as well?” This questioning not only encourages you and your company to think critically about your dependencies but also underscores the importance of resilience planning.

In every crisis lies an opportunity. For IT and cybersecurity professionals, this is that opportunity.
