IT news definitely crossed over into mainstream news on Friday 19 July as a defect in CrowdStrike’s Falcon update for Windows hosts crashed millions of computers around the world. Affected machines showed what is termed a blue screen of death.
Health services, airlines and stock markets were among the high-profile players knocked out of action. But this will have hurt numerous SMEs too. It was so serious because CrowdStrike is the world’s biggest provider of EDR – that is endpoint protection and response.
CrowdStrike are not one of our technology partners so our clients were not directly affected. We hasten to add though that, scary as it sounds, this could potentially happen in any technology business. It was not a cyberattack; it is thought that it was a security update that was not tested sufficiently in a sandbox (quarantined environment) prior to release.
Our teams spent much of the weekend supporting other MSPs and internal IT teams in managing the fallout.
Beware of related scams
Fixes are being deployed and the cost is being counted, but there is still a risk of follow-on damage, though not from CrowdStrike. As with any big event that hits the headlines, cybercriminals are sure to try to piggyback on this news story to launch attacks on worried businesses or individuals.
For this, it won’t matter whether you were affected originally or not, or whether you are actually a CrowdStrike customer. The cybercrooks will prey on fear and confusion. Amidst all the noise they will deploy phishing attacks related to this news to try to get people who are distracted or scared to click on malicious links.
There are also reports of CrowdStrike staff being impersonated in phone calls and purported independent researchers falsely saying they have evidence the issues were related to a cyberattack.
So stay alert, think twice before responding and, if in doubt, ask for an expert opinion.
Is there anything more you can do?
Endpoint protection and response is a keystone of cybersecurity – it would once have been referred to as antivirus, but the best systems now (like CrowdStrike and our own partner ThreatLocker) are much more sophisticated.
They are essential and Friday’s catastrophic error is thankfully rare. You need EDR, but this whole episode does demonstrate the need for backup plans, for resilience.
By their nature, disasters are unpredictable. Like a large natural event, hack or terrorist attack, this one highlights the need to ensure you have business continuity and disaster recovery plans in place. Things like:
- Access to backup IT systems
- Remote working
- Staff training on what to do when disaster strikes
Now, or if you were affected, once things are back to normal, is a good time to review your business continuity and disaster recovery plans. This event has perhaps shifted the goalposts and the whole industry will have to do some thinking.
If you think you are at risk, or would like a second opinion, please do not hesitate to get in touch with us. We are happy to answer any questions and if you would like a full-scale review of what you have in place and suggestions for improvement, our consultancy service can help. Give us a call or use our contact form below.