CyberCX

What began as a ripple of seemingly independent issues soon became a global crisis, as organisations across every sector scrambled to come to terms with history’s biggest ever IT outage on Friday 19 July.    While the crisis phase of this outage is now over, we know many recovery efforts are ongoing. Organisations across the economy – regardless of whether they were directly impacted or not – are this week reflecting on what can be learned from this outage to improve readiness, resilience and recovery before the next tech-related disruption, which is, unfortunately, inevitable.   Since Friday, the team at CyberCX has fielded many questions from customers, partners, media, and stakeholders across government and industry.   Read our latest blog where we outline some signposts to follow as you grapple with these questions: https://lnkd.in/dW3Q-UmB

We have been impacted by global IT outages before, however the scale and impact of what happened on Friday 19 July 2024 was unprecedented.   A software update to Windows systems for CrowdStrike’s Endpoint Detection and Response platform, known as Falcon Sensor, resulted in a critical error affecting 8.5 million devices across most sectors of the economy.    The extensive impact of the incident reflects the growing interconnectivity of our IT infrastructure. Although this outage was caused by a mistake, future outages–whether accidental or malicious–are inevitable.   Our latest edition of C-Suite Cyber offers conversation starters for business leaders looking to learn from this outage. As we enter the post-recovery phase of the outage, now's the time to consider: 🔹 How can we be better prepared for the next outage? 🔹 How do we build resilience against future, inevitable outages? 🔹 How will we bounce back better, when major incidents do happen?

CyberCX's Alastair MacGibbon said that Friday’s outage, in which a software update from CrowdStrike caused computers across the world to crash, is a good dress rehearsal for something that one day is going to be more significant.   “If it was a malicious act against those one per cent of computers, [or involved] encryption, it would have been catastrophic,” he told The Australian Financial Review.   Alastair cautioned against regulating to limit vendor dominance, saying “I would let the market sort this out. I don’t know if regulation or over-reaction will help."   Read more: https://lnkd.in/dViXPr9H.

CyberCX Global Advisory Board member Ciaran Martin weighed in on the global IT outage that crippled the day-to-day working of businesses and individuals over the weekend, leaving customers without access to services including healthcare and banking.    "We've talked for a long time in the industry about the inherent fragility of foundational parts of the internet, these little bits of activity and infrastructure that underpin the whole thing," the CyberCX UK Chairman said.   "If they go wrong, they can have really serious global consequences."

"It says a lot about the state of our world that, when computers started crashing around Australia on Friday afternoon, the first thought of many was: is this the beginning of a cyber war?"   Writing in the The Australian Financial Review, CyberCX's Katherine Mansted said, "of course, we soon knew that the biggest global IT outage in history had been caused by something much more common and prosaic: a mistake."   After an update released by CrowdStrike triggered a critical error in Windows devices running the software, Katherine said "the faulty update was so damaging because systems are designed to trust CrowdStrike code and absorb it rapidly. Ordinarily, this helps customers outpace the bad guys. But on Friday, the medicine became the poison."   Read more in the full opinion piece, where Katherine explores some of the hard truths about cyberspace that the outage exposed: https://lnkd.in/g_CVFHHp

CyberCX's Dan Richardson told Sky News that small businesses affected by the global IT outage may not even be aware until Monday morning.   "The CrowdStrike software that's the cause of these issues is widely used and it's very beneficial for businesses to have that sort of protection for their system."   "It's very difficult to prepare for. I think some will probably be better prepared than others," said Dan. "My biggest concern is Monday morning for some of those smaller businesses that may be affected but not even know it yet."

As organisations around the world work to recover from the global IT outage, CyberCX's Katherine Mansted said this has been a sharp wake up call about the fragility of our digital ecosystem. "It's the biggest outage in history and I say that for two reasons; in terms of the number of companies affected, but also the consequence for ordinary citizens," she told 7NEWS. Katherine said that the reality is there is no magic button for the workaround and that full recovery will take some time yet.

CyberCX recognises the tireless, ongoing efforts of IT and cyber teams across all sectors of the economy as organisations, large and small, work to restore services impacted by a global systems outage. Every organisation has been impacted differently and will have different pathways and timeframes to fully recover from this outage. We can therefore expect some disruption to continue into the days and weeks ahead. As organisations grapple with this challenge, we urge people to think carefully before making significant changes to their cyber security arrangements. We strongly encourage organisations not to disable or remove CrowdStrike products from their environment without viable alternative measures already in place. Any such changes organisations choose to make should be cautiously and thoroughly considered. CyberCX is also aware of increased threats from scammers and malicious actors seeking to exploit the ongoing confusion, including attempts to impersonate cyber security professionals promising help to overstretched technical teams. As the situation evolves, organisations should be vigilant against such threats, report suspicious activity, and work with established and trusted cyber security partners. CyberCX continues to support our customers and partners through this time and will update them directly as we learn more. Links to further information and advice: Australian Signals Directorate advisory: https://lnkd.in/gackpyuK CrowdStrike blog with technical details of outage: https://lnkd.in/d2C2GhgS CrowdStrike blog outlining potential malicious activity: https://lnkd.in/etGzTGah Scamwatch report form: https://lnkd.in/fNrQBHT

As computer systems come back online following the global IT outage, CyberCX's Dan Richardson told the New Zealand Herald that the incident is quite possibly the largest outage in history. “Smaller organisations that are not monitoring their systems and security 24/7 may not even realise they have a problem until they come into work on Monday, so we’re unlikely to see this issue fixed for everyone for some time.” Dan said the outage is a reflection of how connected we are when an important piece of software that has a problem results in huge impacts. "Given the complexity of large IT environments we are likely to see a longtail of impacts across the New Zealand economy for some time.” Read the full piece: https://lnkd.in/d4ZNysQF

As the global IT outage sends shockwaves around the globe, CyberCX Executive Director for Strategy and Risk Dan Richardson told BusinessDesk NZ you would struggle to find a part of the economy unaffected by the outage. Richardson said the problem appeared to have come through an update to cyber security firm CrowdStrike’s Falcon product. “It’s a very widely used product. We’re seeing it in media organisations, airlines, [and banks], amongst others because they tend to operate on a 24/7 basis," said Dan. “For organisations that don’t operate on a 24/7 basis, they might not see the impact of this until over the weekend or potentially through into next week.” “I’d absolutely advise everybody to reach out to their IT teams and take stock of where they are at.” Read more insights from Dan in the full piece: https://lnkd.in/gNH3uKNK