Cyber Sessions: CrowdStrike incident serves as a wake-up call

To read this article and get more critically important news and information, check out our other security-focused posts and subscribe to Providence Business News on their website, www.pbn.com

The world came to a screeching halt on July 19. Or at least, a significant chunk of the world did.

The cause? A seemingly harmless update to a cybersecurity software product. CrowdStrike, an endpoint detection and response tool designed to protect our systems, ironically sent so many businesses into chaos.

What happened was a masterclass in the law of unintended consequences. This was not a mere glitch. It was a seismic event. CrowdStrike, a giant in the cybersecurity market, found itself being both villain and victim.

It wasn’t a malicious attack. It was a failure of process, a blind spot in a system that prides itself on vigilance. The company seemed to have let its guard down when it came to managing massive numbers of routine software updates. CrowdStrike’s reputation of quality and protection has been the stuff of legend. But a rush to enhance its capabilities led to the waving off of meticulous scrutiny needed for testing and quality assurance.

The fallout was catastrophic. Businesses small and large were brought to their knees. Airports grounded flights and hospitals went dark while we wondered if this was a global cyberattack. What it became was a stark reminder of our dependence on technology, a dependency that has outpaced our appetite to safeguard it.

This incident was a wakeup call. It forces us to confront the vulnerability of our digital infrastructure. It demands a re-evaluation of risks and the trade-offs we make in the name of speed to innovation.  It compels us to question the fundamental assumptions about resilience that have guided us.

We must treat this as a learning experience. CrowdStrike will emerge from this ordeal, hopefully stronger and wiser. But the lessons learned must resonate through the industry.  This type of incident could happen to any company; however, these types of constant configuration changes that were happening must go through more thorough quality assurance processes to eliminate these types of risks.

Comprehensive disaster recovery plans gathering dust on the shelf must become living documents, tested and updated with the frequency of our software. Organizations must strengthen their resilience. Diversification of technology providers, robust recovery systems and comprehensive incident response plans are necessities. The ability to weather these types of storms will be a defining characteristic of successful businesses.

With that, vendor risk management is often-overlooked corner of cybersecurity, but must be elevated to C-suite-level and even board-level concern. The relationship between organizations and their vendors has taken on new urgency. Vendor risk management is no longer a buzzword; it’s a matter of survival. Businesses must conduct thorough due diligence on their vendors, understanding their security practices, incident response capabilities and business continuity plans.

As business leaders, we must develop the capacity to absorb shocks, adapt quickly and emerge stronger. This requires investments in technology, process, training and talent. It means building diverse and redundant systems.

The digital world we live in is complex, and it’s becoming more interconnected and interdependent. When one part fails, an ecosystem is at risk.

The financial toll of this event is still being calculated. The worldwide financial damage has been estimated to be at least $10 billion. Insurance companies will grapple with unprecedented claims. But the true cost may be measured in lost trust, damaged reputations and an erosion of confidence.

As we navigate this intensifying state of digital risk, let’s not forget that every crisis is also an opportunity. It’s a chance to build stronger, more resilient and more secure organizations. The future of our business depends on it.