Intelligent Tech Channels Issue 79 | Page 16

INDUSTRY VIEW

WHY THERE ARE IMPORTANT LEARNINGS FROM CROWDSTRIKE MICROSOFT OUTAGE

TONY ANSCOMBE, CHIEF SECURITY EVANGELIST, ESET

The most important message after the incident is not to skip the post-mortem or put the incident down to exceptional circumstances. Reviewing an incident, and learning from it, will improve the ability to deal with future incidents, advises Tony Anscombe, Chief Security Evangelist, ESET.

As the dust settles on the cyber-incident caused by CrowdStrike releasing a corrupted update, many businesses will, or should, conduct a thorough post-mortem on how the incident affected their business and what could be done differently going forward.

For most critical infrastructure and large organisations, their tried-and-tested cyber-resilience plan undoubtedly will have been kicked into action. However, the incident, dubbed the largest IT outage in history, was likely something that no organisation, however large and cyber-framework compliant, could have prepared for. It felt like an Armageddon moment, as evidenced by disruptions at major airports.

A company may prepare for its own systems, or for some key partner systems, to be unavailable. However, when an incident is so widespread that, for example, it affects air traffic control, government transport departments, transport providers, and even the restaurants in the airport through to TV companies that could warn passengers of the issue, preparedness is likely to be limited to your own systems. Fortunately, incidents on this scale are rare.

What the incident does demonstrate is that only a small percentage of devices need to be taken offline to cause a major global incident. Microsoft confirmed that 8.5 million devices were affected; a conservative estimate would put this between 0.5 and 0.75% of the total PC devices.

This small percentage, though, represents the devices that need to be kept secure and always operating. They are in critical services, which is why the companies that operate them deploy security updates and patches as they become available. Failure to do so could result in severe consequences and prompt cyber-incident experts to question the organisation's reasoning and competence in managing cybersecurity risks.

A detailed and encompassing cyber-resilience plan can help get your business back up and running quickly. Still, in exceptional circumstances like this, it may mean your business does not become operational because others that your business relies on are not as prepared or as quick to deploy necessary resources. No company can anticipate all scenarios and completely eliminate the risk of business operational disruption.

That said, it is important that all businesses adopt a cyber-resilience plan, and on occasion test the plan to ensure it performs as expected. The plan can even be tested alongside direct business