CrowdStrike Brings the World to a Standstill

Written By James Brosnan

CrowdStrike is definitely getting their name out there today, but perhaps not in the best way. Their "non-security" incident has brought so many companies within so many industries to a standstill. Just ask anyone trying to hop on a flight this morning. It's the end of the week so of course something went wrong, someone did something they should or shouldn't have or were rushing to get a patch out. Unfortunately for the rest of us, we're also paying the price for this mishap. Rather than sit here and try to say "they should have known better" or "they should have had controls in place to prevent such a catastrophe", let's learn from it. After all, failures are often the biggest and best teachers we can hope for.

So what can we learn?

Well, let's talk about basic change management principles. Who is to say if the patch was even tested in a dev/test/pre-prod environment before being pushed out. If it was then this event likely wouldn't have happened. The issue might have been caught before it went out. On the customers end, it's not a bad idea to do the same thing. Test the patch in a dev/test/pre-prod environment before pushing to production, and especially before pushing to customer facing systems. Our friends in the NERC CIP world are intimately knowledgeable about change and config management (CIP-010 anyone?).

This event also speaks to the less regarded concept of accidental/negligent insider threat. Insider threats aren't always a corporate spy trying to steal company secrets (Jurassic Park) or a disgruntled employee trying to teach the company a lesson (Office Space). Being overworked, over stressed, or overly fast to hit a deadline are all culprits that lead to accidental or negligent insider threats.

There are a myriad of factors that lead us to this event. In the end, it happened. Let's move on. But we should strive to learn some lessons so that it doesn't happen again. Or at least learn enough so that the risk of a similar event is lessened.

We should all be thankful for our IT staff on a day like today. Give them support so that they can do their jobs and get everyone back up and going.

James Brosnan
Next

When You Gotta Go, You Gotta Go Cybersecurity Lessons Learned from Jurassic Park