How SMBs Strike Back: Incident and Mitigation Planning

By Krista Lockhart • August 5, 2024
cyber security
Crowdstrike Microsoft Outage

Many years from now, the CrowdStrike outage will be remembered as the software update that stopped the world. According to news reports, CrowdStrike, a Texas-based cyber security company, was responsible for taking down millions of Windows-based devices across virtually every industry. According to CrowdStrike’s public announcement: “On July 19, 2024, at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems. The sensor configuration update that caused the system crash was remediated.”

So, in plain English, the issue was not the result of a cyberattack: a routine update from a trusted security vendor crashed the very machines it was protecting. Even so, this software update affected airports, doctor's offices, banking, ticket purchase systems, and retailers. Commercial flights could not take off, TV broadcasters went offline, and service interruptions mounted throughout the day. CrowdStrike and Microsoft published guidance, and in parallel, IT, network engineering, and cyber teams within large companies worked quickly to assess the damage and activate incident and mitigation procedures for their organizations. However, small and medium-sized businesses that did not have internal experts or an existing incident response plan or mitigation strategy were at a disadvantage. Many called on partners like Smart City or turned to IT forums.

Now that the dust has settled for most, the CrowdStrike outage underscores the importance of incident and mitigation plans, and it is a reminder that a plan should cover a failure in trusted software or a key vendor, not only an attack. Smart City wants to help; here are four tips businesses can include in their incident response plan and mitigation strategy:

Risk Assessment and Prioritization

Conduct a thorough risk assessment to identify potential threats to the business well before an issue arises. Risks could include natural disasters, cyber threats, supply chain disruptions, financial risks, and, as the outage showed, a fault in third-party software or a service the business depends on. Rank risks based on their likelihood and potential impact on the business. Focus on the most critical risks first, but be sure to determine a response for each of them.

Business Continuity Planning

Next, work with leadership to develop a Business Continuity Plan that outlines how the business will continue operating during and after a disruption. Include procedures for maintaining critical functions (including manual fallbacks for when a core system is unavailable), communication plans, and the roles and responsibilities of employees during a crisis. Regularly review and update the plan so its procedures stay relevant and effective.

Cybersecurity Measures

Revisit or establish cybersecurity practices to protect sensitive data and IT infrastructure during an emergency. This can include firewalls, antivirus software, encryption, and secure backup systems that are tested regularly and can be restored when the primary systems are down. Educate leadership and employees on cybersecurity best practices, such as recognizing phishing attempts and using strong passwords. Regularly update software and systems to protect against the latest threats, and know which vendors can push updates to your systems automatically, since a faulty update from a trusted vendor can itself cause an outage.

Crisis Communication  

Finally, establish a crisis communication chain of command. This ensures accurate, clear, and consistent communication with employees, customers, suppliers, partners, and other stakeholders during a crisis. Assign a spokesperson and establish protocols for sharing information through social media, email, and press releases, including how to reach people if email or internal systems are down. Conduct drills to test for effectiveness.


In closing, according to Microsoft, the outage affected 8.5 million Windows devices, which is less than one percent of all Windows machines. However, if we dig a bit deeper, according to Reuters, "Delta CEO Ed Bastian said the massive IT outage that stranded thousands of its customers will cost it about $500 million in losses. Delta told U.S. lawmakers last week in a letter seen by Reuters that CrowdStrike's faulty update 'impacted more than half of Delta computers, including many of Delta's workstations at every airport in the Delta network.'"

The letter added that Delta's "complex IT system, which distributes and synchronizes all our data, including the data that feeds our crew tracking and gating software, required manual recovery."

Whether this incident impacted your organization or not, consider it an opportunity to take intentional, strategic steps. Companies that don't have layers of IT, engineering, or network security support can still design and implement strategies to help maintain operations, mitigate risk, and react quickly to adverse events.
