Cyber resilience: Key takeaways from a global IT outage
It's now been a few weeks since one of the industry's largest IT outages affected airlines, hospitals, and businesses worldwide. We have all seen the reports on the impact. But what is also very evident about this event is that it could easily have happened to any software provider.
CrowdStrike is one of the most revered cyber vendors in our industry, but at the end of the day, it is a software provider. Software is written by humans, and neither software nor humans are perfect. As a community we spend a lot of time looking to detect and prevent events caused by bad actors. We see here that even when there is no malicious actor involved, an error in a critical application or related process can cause widespread impact.
No Application is Invulnerable
That a software package could introduce a quality issue in an update or misconfiguration is not, in and of itself, news. Veracode reported in 2023 that 70% of software applications they examined still had at least one identifiable flaw 5 years after shipping. Also, Synopsys found that vulnerabilities existed in as many as 92% of applications tested.
I would go as far as to say this number should really be 100%.
The issue is complexity
As we have described in our Cyber Resilience Risk Index 2024 Report, the complexity we face in this industry is enormous. For example, there are hundreds of variants of Windows X, and over 100 applications installed on every computer - each with its own patches and fixes and updates, on a variety of networks, connecting to a profound number of peripherals. There is not a test matrix on the planet that will get you to perfection. And even if an application were to be perfect the day it shipped, it changes over time through usage, updates, combinations with other applications, upgrades, and patches … resulting in new flaws.
Where you have complexity, you will find risk
I am in no way absolving technology vendors from their obligation to deliver quality products – especially in mission-critical applications. Clearly, security and quality from design to delivery is crucial. However, there is value in understanding the reality of this situation: this is not purely a software quality or update process problem. Where you have complexity, you will find risk - and where there is risk, your resilience plan is as critical to your business continuity as your detection/prevention plan.
Absolute's Commitment to Cyber Resilience
As the leader in enterprise Cyber Resilience, we have a unique view of the state of endpoint computing and of this most recent incident, and we have been working to help our partners and customers get on track for a fast recovery. For example, we recently made available to Absolute customers (and non-customers) the ability to scan for latent CrowdStrike events, as well as the ability to remotely automate remediation of any 'blue screen of death' event, leveraging our platform already embedded in their devices. At the recent RSA conference we also demonstrated our Endpoint Rehydration and Cyber Resilience 3.0 platform, which specifically enables remote healing of devices overcome by ransomware or other compromise.
What Can We Responsibly Do?
As we reflect on the aftermath of this historic global outage, what can we responsibly do across our industry to better mitigate these types of events?
- Technology Providers: Continue striving for quality and security from design, incorporating resilience strategies into customer success plans and roadmaps. In addition, by enabling applications to automatically remediate problems and maintain health, organisations can ensure they can address issues responsibly.
- Enterprise Customers: Implement resilience strategies in your environments by conducting thorough tabletop exercises that extend to business continuity and disaster recovery (BCDR) plans. Utilise built-in capabilities already within the devices you own to remediate or restore devices promptly.
- Shared Responsibility: Managing risk requires partnership and collaboration. Leverage tools that enhance resilience today and work together to eliminate complexity over time.
- Help, don't Harm: In a world of tightening budgets and increasing competition, it's tempting to point fingers when something goes wrong; it's harder to find a productive way to assist victims in any given situation. The difficult challenge, however, is the path that will lead us all to a more prosperous outcome. In the interconnected world of hardware and software, we all depend on one another for overall success.
Cyber Resilience is Critical in our Complex Digital World
As organisations clean up from the latest event, the key takeaway is the critical need to invest in cyber resilience in our highly complex digital world. Whatever the next event may be, will you be ready with a plan and the tools required to bring your business and users back online quickly, safely and effectively?