The IT outage heard ‘round the world (plus: sporting association hacks, security vulnerabilities, & more)

Miriam Saslove | Last updated on August 30, 2024 | 3 minute read

On July 19, CrowdStrike, a leader in cybersecurity, released a faulty update for their flagship CrowdStrike Falcon software that impacted Windows IT systems worldwide. It caused the “Blue Screen of Death” boot error, which had huge global consequences for businesses, airlines, and emergency services. Flights and hospital appointments were canceled, payroll systems seized up, and TV channels went off air following the blunder.

CrowdStrike’s CEO, George Kurtz, confirmed on X that a “defect” in a Windows update caused the outage. He also ruled out a cyberattack.

Experts have said that services are coming back online, but full recovery could take weeks.

What’s the lesson here?

Megan Dean, Rewind’s Director of Security, says there are many lessons to be learned from this massive cyber crisis. 

First, be vigilant for phishing emails from bad actors posing as CrowdStrike. Also, avoid fake fixes online that contain suspicious links and files. Only consult trustworthy sources for updates or advice.

Second, there are some best practices you can follow to help prepare your business when things don’t go as planned. A Business Impact Assessment can help predict the effects of a disruption to your business. In addition, it gathers the info needed to develop recovery plans. You should also run Incident Response and Business Continuity Simulations. These drills will help you find gaps and train your team for real events. 

Last, you need to work with your key third-party suppliers to better understand their disaster strategies and how they impact your business.

At the end of the day, your data is your responsibility

What other topics are trending?

The Soapbox: Online conversations you can’t afford to miss

Featuring insights from our Co-Founder & CTO, James Ciesielski.

Do you simulate ransomware attacks? What tools or methods do you use?

James’ take? As ransomware attacks become more common, it’s important to include them in your data security conversations and tabletop exercises. These role-playing activities are a great opportunity to talk about high-stress situations before they actually happen.

Join the conversation on Reddit.

If you could list the top 5 most common vulnerabilities you have encountered, what would they be?

James’ take? This was fun! Here’s my list:

  1. IT: Using your password manager to manage your passwords and your MFA credentials.
  2. IT: Not following least privilege principles.
  3. DEV: Not sanitizing/validating user input.
  4. IT: Poor password hygiene and management.
  5. IT: People engaging with phishing/smishing.
  6. DEV: Committing secrets into source code repositories.
  7. DEV: Managing cloud infrastructure from an administrative account.

Join the conversation on Reddit.

Miriam Saslove
Miriam Saslove is a chronically online storyteller based in Montreal. She loves books, concerts, coffee, and helping brands foster engagement and awareness through impactful multi-channel content. Also puns.