Ensuring Resilience: How BCMS Can Prevent CrowdStrike-Like Incidents
www.smartcomply.com

Dear Smart Client,

Last week, a CrowdStrike Falcon Sensor update crashed Windows systems around the world, including Windows virtual machines running in Microsoft Azure; Microsoft had to publish its own recovery guidance for affected Azure and Windows customers.

This update led to the dreaded Blue Screen of Death (BSOD) on millions of Windows systems, sparking a flurry of activity as both Microsoft and CrowdStrike worked to resolve the issue.

Was your organisation affected?

In this month's newsletter, we are discussing this latest incident that shook the cybersecurity world. Here's a detailed look at what happened and how you can recover if your systems were affected.

The Issue at Hand

On Friday 19 July 2024, CrowdStrike pushed a Falcon Sensor content update (a "channel file" that the sensor's Windows kernel driver reads at boot) to Windows hosts. A defect in that file made the driver crash, so every affected machine hit the Blue Screen of Death and then crashed again on each reboot, because the sensor loads early in the boot sequence, before a corrected file could be downloaded. CrowdStrike reverted the update within roughly an hour and a half, but hosts that had already received it were stuck in a boot loop and needed hands-on recovery: booting into Safe Mode or the Windows Recovery Environment, entering the BitLocker recovery key where the disk was encrypted, and removing the faulty channel file. Both Microsoft and CrowdStrike published recovery guidance and worked with customers on the clean-up.

Who is CrowdStrike?

CrowdStrike is a leading cybersecurity firm known for its Falcon platform, which provides advanced threat detection and prevention. The platform leverages a combination of artificial intelligence, machine learning, and behavioural analysis to protect against various cyber threats, including malware, ransomware, and other advanced persistent threats.

CrowdStrike’s services are widely used across different sectors, including government, healthcare, finance, and technology, due to their robust and comprehensive security solutions.

On July 19, 2024, CrowdStrike released a sensor content (configuration) update for its Falcon platform targeting Windows systems. Unfortunately, this update contained a logic error that caused approximately 8.5 million Windows devices to crash, displaying the Blue Screen of Death (BSOD).

You wowed right? Yes! Wow...

This massive outage affected critical services worldwide, including airlines, hospitals, financial institutions, and numerous businesses. The error disrupted operations, resulting in flight cancellations, delays, and significant downtime for various organisations. CrowdStrike quickly acknowledged the issue, issued an apology, and reverted the faulty update. The revert only protected machines that had not yet received the bad file; machines already in the crash loop still had to be recovered one at a time, which is why the disruption lasted days in many organisations rather than the roughly 80 minutes the faulty update was live.
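As an added example (not CrowdStrike's, Microsoft's or Smartcomply's own code), here is the per-host workaround CrowdStrike published on 19 July 2024, written as a PowerShell script a technician can run from Safe Mode or, where PowerShell is available, from the Windows Recovery Environment. It assumes the details from that advisory: the faulty content is a channel file named C-00000291*.sys in the Falcon driver directory, the bad copy carries a timestamp of 04:09 UTC, and copies timestamped 05:27 UTC or later are the corrected version.

```powershell
<#
  Added example, not vendor code: scripted form of the CrowdStrike-published
  per-host workaround for Windows hosts stuck in the 19 July 2024 BSOD loop.
  Assumptions (from CrowdStrike's tech alert of that day):
    - faulty content is a channel file C-00000291*.sys under
      <SystemDrive>\Windows\System32\drivers\CrowdStrike
    - the bad copy is timestamped 2024-07-19 04:09 UTC; copies timestamped
      05:27 UTC or later are the corrected version
  Run with -WhatIf first to see what would be removed without deleting.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # When booted into WinRE the Windows volume is often not C:; pass e.g. -SystemDrive D:
    [string]$SystemDrive = $env:SystemDrive
)

$driverDir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
$badStamp  = [datetime]::new(2024, 7, 19, 4, 9, 0, [DateTimeKind]::Utc)
$goodStamp = [datetime]::new(2024, 7, 19, 5, 27, 0, [DateTimeKind]::Utc)

if (-not (Test-Path -LiteralPath $driverDir)) {
    Write-Error "Falcon driver directory not found at $driverDir (wrong drive letter, or sensor not installed)"
    exit 1
}

$files = @(Get-ChildItem -LiteralPath $driverDir -Filter 'C-00000291*.sys' -File)
if ($files.Count -eq 0) {
    Write-Host "No channel file 291 present under $driverDir; nothing to do."
    exit 0
}

foreach ($f in $files) {
    $stamp = $f.LastWriteTimeUtc
    # Compare at minute granularity so the check lines up with the published timestamps
    $minute = [datetime]::new($stamp.Year, $stamp.Month, $stamp.Day,
                              $stamp.Hour, $stamp.Minute, 0, [DateTimeKind]::Utc)

    if ($minute -ge $goodStamp) {
        Write-Host "KEEP   $($f.Name)  ($stamp UTC, corrected version)"
        continue
    }
    if ($minute -eq $badStamp) {
        Write-Host "REMOVE $($f.Name)  ($stamp UTC, known-bad version)"
    } else {
        # Unknown timestamp: the original guidance was to delete every 291 file;
        # the sensor downloads a fresh copy once the host boots and reaches the network.
        Write-Host "REMOVE $($f.Name)  ($stamp UTC, not the corrected version)"
    }
    if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete faulty channel file')) {
        Remove-Item -LiteralPath $f.FullName -Force
    }
}

Write-Host "Done. Reboot normally. Keep the BitLocker recovery key to hand if the volume is encrypted."
```

Run it as `.\Remove-BadChannelFile.ps1 -WhatIf` first (the file name is your choice), then without `-WhatIf` once the listing looks right. Microsoft's guidance at the time was to try rebooting the host several times before resorting to this, because a machine that stays up long enough to reach the network can fetch the corrected file on its own; the deletion is for hosts that never get that far. A plain WinRE session without PowerShell can do the same thing with `del` against the same path, and an encrypted volume will prompt for its BitLocker recovery key before the drive is readable at all, which is why key escrow that survives the outage matters.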

Despite these efforts, the incident highlighted the risk of relying on a single security agent that runs with kernel privileges across a very large fleet and receives updates on the vendor's schedule rather than yours, and the cascading effects such a failure can have on global operations.

What are we saying to you?

Redundancies are crucial for maintaining critical business operations. This incident underscores the vital importance of having a robust Business Continuity Management System (BCMS).

You read that correctly!

BCMS involves a comprehensive approach to identify potential threats, assess their impact on business operations, and develop strategies to ensure that critical functions continue during and after a disruption.

Key components of BCMS include Business Impact Analysis (BIA), Risk Assessment, Business Continuity Strategy, Incident Response, Recovery Planning, and Testing and Exercising. Together, these components help prevent security incidents and minimise their impact.

How BCMS comes into play

1. Risk Assessment and Management: Implementing BCMS requires performing a risk assessment, which identifies potential risks and their impact on business operations. In the case of the CrowdStrike incident, a thorough risk assessment might have anticipated the risks associated with critical software updates and included contingency plans to mitigate them.

Before deploying new software or enabling automatic updates, a thorough risk assessment identifies what a bad update could break, foresees the issues that could arise, and prepares mitigation strategies. Where a vendor lets you stage agent updates (for example, holding production one release behind a small pilot ring), use that control; where the vendor pushes content outside any staging you control, as happened with this update, record that as a residual risk and plan your recovery around it.

For organisations that experienced significant downtime, a risk assessment would have considered the likelihood of a security agent taking down every Windows host at once and provided mitigating solutions in advance.

2. Incident Response Planning: BCMS defines the roles and responsibilities of team members, communication channels, documentation, training and awareness, and the testing and drills that prepare organisations for security incidents.

Having a well-defined incident response plan ensures that organisations can respond quickly and effectively to disruptions. This includes clear communication channels, predefined roles and responsibilities, and procedures for system recovery and business resumption.

In this case, companies would have had a plan for responding to software-induced system failures, including immediate steps to confirm the cause, stop the faulty update from reaching hosts that had not yet received it, and initiate recovery procedures on those that had.

3. Regular Testing and Drills: BCMS encourages regular testing and drills to uncover weaknesses in your incident response and business continuity plans and to prepare for real-life scenarios, including software failures, so that you can address them before an actual incident occurs.

By simulating various disruptive scenarios, organisations can practise their response and refine their strategies to handle real incidents more effectively. Regular tests and drills validate and improve response plans and ensure that all stakeholders are prepared to act swiftly and effectively in a real incident.

Such drills would have exposed the practical gaps this incident revealed: whether you can recover a fleet of hosts that will not boot, whether BitLocker recovery keys are still retrievable when the server that holds them is one of the crashed machines, and whether you have enough hands and out-of-band communication channels to do it quickly.

4. Redundancy and Backup Systems: BCMS encourages the establishment of automatic failover mechanisms that switch operations to backup systems seamlessly during an incident, ensuring business continuity.

Implementing redundant systems and regular data backups can minimise the impact of disruptions. For instance, not running every critical service on the same operating system, security agent and update channel means a failure in one of them does not take everything down at once, minimising downtime. Running a second security product on the same hosts is rarely practical, so this redundancy usually has to come from the design of the service rather than from a spare agent.

5. Vendor Management: BCMS involves evaluating and managing risks associated with vendors. Companies would ensure that a vendor like CrowdStrike follows strict quality assurance practices and has its own incident response plans in place.

Vendor quality assurance is worth scrutinising here: it was the vendor's release validation, not customer configuration, that let this update reach production, so questions about how a vendor tests and stages updates belong in your due diligence. In addition, clear SLAs with CrowdStrike regarding software updates and support would ensure quick resolution and accountability; based on the facts learned so far, SLA coverage does not seem to have been a problem in this incident.

6. Continuous Improvement: BCMS is not a one-time effort but an ongoing process. Continuous monitoring, reviewing, and updating the BCMS ensure that it remains effective in addressing new and evolving threats.

It also ensures that lessons from incidents such as update errors or system failures feed back into the plan, so the same disruption is not repeated.


The CrowdStrike incident serves as a reminder of the interconnectedness of today's digital world and the potential widespread impact of technical failures. A well-implemented BCMS can significantly mitigate these risks, ensuring that organisations can maintain their critical operations and swiftly recover from disruptions.

While CrowdStrike’s rapid response helped mitigate some of the immediate effects, the incident highlights the critical need for BCMS frameworks to ensure resilience and continuity in the face of unforeseen disruptions.

Implementing and maintaining a comprehensive BCMS can help organisations navigate crises more effectively, protecting their operations, reputation, and stakeholders.

Visit our website www.smartcomply.com and read our blog for a Step-by-Step Recovery Guide.

Feel free to follow us across our social media platforms to learn more from us: Facebook, LinkedIn, Twitter and Instagram.

Speak to our customer care representative; 08133262024

Request an instant demo: https://www.smartcomplyapp.com/book-a-demo

Think Automation, Think Smartcomply!

