Skip to main content
main content, press tab to continue
Article | Managing Risk

After CrowdStrike – Short-term fixes and long-term cyber risk solutions

July 26, 2024

Proactive planning and financial foresight can significantly mitigate the risks associated with business interruptions as seen following the CrowdStrike global cyber incident.
|Risk and Analytics
N/A

When CrowdStrike released an update to its Falcon endpoint detection and response (EDR) solution, millions of computers were left displaying the dreaded blue screen of death (BSOD). This glitch led to a cascade of business interruptions, as hundreds of companies, airports, hospitals and other critical services were taken offline, causing widespread disruptions and disabling essential services globally.

The CrowdStrike incident serves as a stark reminder of the vulnerabilities inherent in many supply chains. While CrowdStrike has been clear no malicious intent was involved and its response was rapid, the disruption has been immense and the damage extensive. So, imagine what would happen if there were a worldwide cyber incident tomorrow caused by malicious intent and with no quick fix. The interruption and repercussions would be of far greater potential magnitude, the threat to the cyber security posture of more organizations of much greater significance.

How would your organization respond in the immediate aftermath? Crucially, what can you do today to boost your resilience and better safeguard the business from cyber incidents?

In this article, we look at the short-term solutions if the CrowdStrike incident affected you. We then offer ways to improve your ability to handle cyber risks into the future, especially those not sharing the comparatively benign characteristics as the CrowdStrike incident.

The quick fix for CrowdStrike users

CrowdStrike’s Falcon Sensor, akin to an ‘antivirus on steroids,’ is a real-time, cloud-based EDR software offering robust protection against viruses, malware and cyber threats. Unfortunately, a defective component in a recent update caused some users’ machines to enter a boot loop, while other users encountered the BSOD.

CrowdStrike has acknowledged the issue and reverted to the previous Falcon Sensor version, as reported by Bleeping Computer. The company has provided a workaround for less affected customers to enable system access through the following steps: booting Windows into safe mode or the Windows recovery environment, going to the C:\Windows\System32\drivers\CrowdStrike directory, deleting the file named ‘C-00000291*.sys,’ then restarting the host normally. For cloud-based Falcon Sensor users, CrowdStrike suggests two mitigation strategies: reverting the system to a pre-04:09 UTC configuration snapshot or a more detailed procedure that involves detaching and fixing the operating system disk volume from the affected virtual server.

Long-term cyber risk solutions: Quantitative analysis of insurable incidents

If your business relies heavily on operational continuity, it’s crucial you can access accurate quantitative analysis of potential insurable supply chain compromises.

Due to operational downtime, the consequences of incidents such as CrowdStrike tend to extend beyond immediate revenue loss and encompass a broad spectrum of liabilities. For example, airlines and hospitals impacted by CrowdStrike face substantial financial and legal liabilities due to service disruptions.

With prompt planning and readiness for high-risk cyber events together with an understanding of your liabilities and how cyber incidents could interact with your insurance coverage, you’ll be in a better position to avoid severe financial setbacks.

Long-term cyber risk solutions: Scenario-led cyber risk mitigation

You can reduce the operational and financial impact of future cyber events by gaining a thorough understanding of the cyber threat scenarios most likely to impact your value chain.

Many organizations are already quantifying cyber risk scenarios, enabling them to proactively recognize the potential pain points and get ahead of the threats specific to their industry and organization.

If your organization depends on third-party solutions, you need to meticulously quantify the risk of third-party cyber disruptions. You can do so by identifying and quantifying relevant cyber risk scenarios with a probabilistic view driven by actuarial and data science, forensic accounting, cyber threat intelligence and insurance claims data.

By quantifying the magnitude of the inherent risks, such as reliance on third-party software and operational continuity, then prioritizing the available mitigation options, you can understand the financial impacts. Armed with precise assessments of risks, as well as your financial liabilities and the likelihood of cyber events impacting your business, you can better safeguard your organization’s longevity and resilience. And with a comprehensive understanding of your cyber maturity capability, you can then both attain the appropriate cyber risk insurance and mitigate any gaps for better future financial positioning.

Because while potential losses from cyber incidents such as CrowdStrike can be significant, they don’t have to be inevitable.

  • For more information on how the CrowdStrike incident may be covered by certain insurance coverages, read our recent Client Alert.
  • If you need expert support to quantify economic damages and related costs as a result of the CrowdStrike incident, contact our Forensic Accounting and Complex Claims specialists.
  • For a smarter way to identify and manage the cyber risks most relevant to your industry and organization, contact our Cyber Risk Quantification specialists.

Disclaimer

Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed entities, including Willis Towers Watson Northeast, Inc. (in the United States) and Willis Canada Inc. (in Canada).

Contact


Director - Head of Cyber Risk Consulting
email Email

Senior Director
email Email

Contact us