When CrowdStrike released an update to its Falcon endpoint detection and response (EDR) solution, millions of computers were left displaying the dreaded blue screen of death (BSOD). This glitch led to a cascade of business interruptions, as hundreds of companies, airports, hospitals and other critical services were taken offline, causing widespread disruptions and disabling essential services globally.
The CrowdStrike incident serves as a stark reminder of the vulnerabilities inherent in many supply chains. While CrowdStrike has been clear no malicious intent was involved and its response was rapid, the disruption has been immense and the damage extensive. So, imagine what would happen if there were a worldwide cyber incident tomorrow caused by malicious intent and with no quick fix. The interruption and repercussions would be of far greater potential magnitude, the threat to the cyber security posture of more organizations of much greater significance.
How would your organization respond in the immediate aftermath? Crucially, what can you do today to boost your resilience and better safeguard the business from cyber incidents?
In this article, we look at the short-term solutions if the CrowdStrike incident affected you. We then offer ways to improve your ability to handle cyber risks into the future, especially those not sharing the comparatively benign characteristics as the CrowdStrike incident.
CrowdStrike’s Falcon Sensor, akin to an ‘antivirus on steroids,’ is a real-time, cloud-based EDR software offering robust protection against viruses, malware and cyber threats. Unfortunately, a defective component in a recent update caused some users’ machines to enter a boot loop, while other users encountered the BSOD.
CrowdStrike has acknowledged the issue and reverted to the previous Falcon Sensor version, as reported by Bleeping Computer. The company has provided a workaround for less affected customers to enable system access through the following steps: booting Windows into safe mode or the Windows recovery environment, going to the C:\Windows\System32\drivers\CrowdStrike directory, deleting the file named ‘C-00000291*.sys,’ then restarting the host normally. For cloud-based Falcon Sensor users, CrowdStrike suggests two mitigation strategies: reverting the system to a pre-04:09 UTC configuration snapshot or a more detailed procedure that involves detaching and fixing the operating system disk volume from the affected virtual server.
If your business relies heavily on operational continuity, it’s crucial you can access accurate quantitative analysis of potential insurable supply chain compromises.
Due to operational downtime, the consequences of incidents such as CrowdStrike tend to extend beyond immediate revenue loss and encompass a broad spectrum of liabilities. For example, airlines and hospitals impacted by CrowdStrike face substantial financial and legal liabilities due to service disruptions.
With prompt planning and readiness for high-risk cyber events together with an understanding of your liabilities and how cyber incidents could interact with your insurance coverage, you’ll be in a better position to avoid severe financial setbacks.
You can reduce the operational and financial impact of future cyber events by gaining a thorough understanding of the cyber threat scenarios most likely to impact your value chain.
Many organizations are already quantifying cyber risk scenarios, enabling them to proactively recognize the potential pain points and get ahead of the threats specific to their industry and organization.
If your organization depends on third-party solutions, you need to meticulously quantify the risk of third-party cyber disruptions. You can do so by identifying and quantifying relevant cyber risk scenarios with a probabilistic view driven by actuarial and data science, forensic accounting, cyber threat intelligence and insurance claims data.
By quantifying the magnitude of the inherent risks, such as reliance on third-party software and operational continuity, then prioritizing the available mitigation options, you can understand the financial impacts. Armed with precise assessments of risks, as well as your financial liabilities and the likelihood of cyber events impacting your business, you can better safeguard your organization’s longevity and resilience. And with a comprehensive understanding of your cyber maturity capability, you can then both attain the appropriate cyber risk insurance and mitigate any gaps for better future financial positioning.
Because while potential losses from cyber incidents such as CrowdStrike can be significant, they don’t have to be inevitable.
