Will CrowdStrike serve as a reboot on tech resiliency?

By Kim Bozzella, Managing Director and Global Leader, Technology Consulting, Protiviti

Global IT systems are still in reboot and recovery after a software update by cybersecurity vendor CrowdStrike caused a massive worldwide outage of Windows computers. Global businesses, governments and organisations were impacted across several industries, including airlines, banks, telecommunications, and healthcare. While the dust settles on the specifics of the how and the why of the global meltdown, one thing is certain: some bad code in a CrowdStrike content update has served as a massive wake-up call to the world about our collective technology vulnerability.

Why it matters

According to a blog post by Microsoft, less than 1% of all Windows machines, more than 8.5 million devices, were affected. However, the consequences of CrowdStrike's flawed patch were significant. Experts have put the economic impact in the billions for what may be the most significant IT outage in history. For his part, CrowdStrike CEO George Kurtz stated that it may take weeks to fully recover the over 8.5 million Windows devices that were affected by the software update. Technology experts have long warned that the interconnected nature of the underlying systems supporting essential services across several industries could result in more global outages.

In the immediate aftermath, business leaders should:

Focus on resumption of ‘business as usual’ activities. As most organisations are still in the process of formal response to the incident, the primary focus should be on addressing known issues and resumption of normal business services, deploying workarounds where necessary.

Communicate across the enterprise to increase transparency on known issues. As ad hoc technical fixes became available, end users may have taken remediation steps that do not align with enterprise practices and may result in unintended issues.

Understand impact to key supporting vendors. Directly engage with your critical third parties to understand if there may be downstream impacts to your organisation in the services/efforts they provide. Implement remediation strategies to address potential vendor impacts.

Communicate with your customers. Provide clear and concise communications to customers about the extent of the impact and state of recovery to increase customer confidence that the issue is being managed.

Be on the lookout for phishing e-mails. Communicate to the enterprise the importance of following communication and support protocols when resolving this issue and be alert for phishing e-mails masquerading as solutions to this issue.

What they say

Thomas Vartanian, Executive Director, Financial Technology & Cybersecurity Center

“Imagine if you couldn't find or access your money? That day could be coming sooner than we think, and it is up to us to act. Businesses should take the lead and work with governments to finally, once and for all, secure our virtual world. Over the last 25 years, if democratic nations had reconfigured cyberspace according to some commonsense rules that incorporated the same authentication, governance, enforcement standards and responsibilities that we employ in the analog world, virtual vulnerabilities and the chances of global shutdowns would've been greatly reduced.”

What we say

Unfortunately, this could become the new normal as we move further into an interconnected IT future. Tactically, business leaders should assess other third-party agents, tools and products that share similar characteristics to CrowdStrike, which may pose a similar threat going forward. Establish action plans to mitigate these threats. Business leaders should integrate a ‘CrowdStrike-type incident’ into existing scenario libraries. Meanwhile, review third-party risk management practices and take steps to better identify and monitor those with similar characteristics to CrowdStrike.

Strategically, organisations should continue to invest in a thoughtful — and tested — framework with which to make informed business decisions during an adverse event. The one certainty is that the next outage will be different than the last one. Organisations that prepare for responsive and responsible reaction and recovery will be better suited in the future.

The bottom line

A CrowdStrike-like event will almost certainly happen again. Business leaders should use this incident as an opportunity to reboot tech resiliency. Companies that stay vigilant and have the proper protocols and plans in place will be most prepared to minimise widespread damage, keeping in mind their organisations may experience downstream secondary impacts that may not surface for days or weeks. These impacts include compliance-related activities, data integrity issues, shadow IT activities performed from end-user devices that experience disruption, or disruption of recurring activities that have not completed a cycle. Business leaders should continue to focus on practical changes the organisation could make, such as ensuring the software supply chain is as fully automated as possible to minimise risk related to human error, to better prepare for the next widespread tech outage.

Protiviti’s Sameer Ansari, Samir Datt and Andrew Retrum contributed to this report.

About VISION by Protiviti

VISION by Protiviti is a global content resource exploring big, transformational topics that will alter business over the next decade and beyond. Written for the C-suite and boardroom executives worldwide, VISION by Protiviti examines the impacts of disruptive forces shaping the world today and in the future.
Through a variety of voices and a diversity of thought, VISION by Protiviti provides perspectives on what business will look like in a decade and beyond.