
Security Leaders Discuss Impact of Microsoft-CrowdStrike Outage
On July 19, various organizations encountered delays due to a Microsoft and CrowdStrike outage that began the previous night. The complications, such as flight delays, continue to impact individuals globally even days after the initial outage.
Security experts have shared their insights on the outage and offered advice to other organizations on safeguarding themselves.
Aleksandr Yampolskiy, CEO, SecurityScorecard
“During my time at Goldman Sachs, the practice was to acquire tools from multiple vendors. This approach ensures that if one vendor’s firewall fails, there is a backup from another vendor that may be more resilient. The recent global outage serves as a reminder of the vulnerability and systemic risks associated with excessive reliance on technology that powers essential services like airlines, banks, telecoms, and stock exchanges.
An outage is essentially a security incident. Building resilience in such situations involves diversifying systems, identifying single points of failure, and proactively testing through tabletop exercises and outage simulations. Utilizing the ‘chaos monkey’ concept, deliberately breaking systems to observe the response, is also crucial.
This disruption creates an opportunity for exploitation, as attackers target vulnerable users seeking solutions. Organizations must remain vigilant not only in addressing the outage but also in strengthening defenses against opportunistic attacks during chaotic times.”
Mr. Narayana Pappu, CEO, Zendata
“The CrowdStrike outage emphasizes the risks associated with relying on external partners or services for software updates, a scenario that was unimaginable just five years ago. It underscores the importance of understanding the risks in software supply chains.”
Nick France, Chief Technology Officer, Sectigo
“In today’s highly complex technology landscape, especially in regulated industries like banking and healthcare, connecting to the cloud adds more attack vectors for bad actors or potential vulnerabilities. Securing online banking is crucial due to the sensitive data at risk of theft. Digital identities play a critical role in ensuring the right people have access to the right data.”
Alan Stephenson-Brown, CEO, Evolve
“The recent outage serves as a timely reminder to prioritize operational resilience. It highlights the need for distributed data centers and alternate connectivity routes to ensure business continuity during cloud infrastructure disruptions. By focusing on contingency planning and preventive measures, businesses can protect their IT systems and operations.”
Ruban Phukan, First Data Scientist, Yahoo & Co-Founder, GoodGist
“Black swan events like the CrowdStrike-Microsoft outage do occur in the software realm. The extensive impact of such situations exerts immense pressure on companies, leading to a customer support crisis. It is crucial to not only identify and resolve the root cause but also manage a surge in customer queries and support tickets, providing solutions and combating misinformation effects.”
Kory Daniels, CISO, Trustwave
“The recent CrowdStrike outage highlights the potential for disasters to catalyze criminal activities. When systems fail, criminals exploit the chaos for unlawful acts. It underscores the need for robust incident response and recovery planning, including simulations of critical system unavailability. Regular testing and preparedness measures are essential to enhance organizational resilience against unforeseen events and cyberattacks.”