The recent CrowdStrike failure was indeed an unfortunate event, causing significant disruption across many organisations. However, it also provided a stark illustration of the potential consequences when critical systems are compromised. Unlike a cyber attack, this outage demonstrated how even non-malicious failures can have far-reaching impacts.
The Reality of Downtime
Downtime, regardless of its cause, can have devastating effects on a business. These range from loss of revenue and inaccessible data to diminished customer confidence and, ultimately, loss of business.
In the case of ransomware attacks, the impact can be even more severe, comparable to the dreaded “blue screen of death” experienced worldwide last week. While a blue screen may have straightforward solutions, ransomware attacks often leave organisations without viable workarounds. This leads to significant operational disruptions, data loss, and financial repercussions. Essentially, a ransomware attack is like a blue screen of death—for all the data in your business.
The CrowdStrike outage affected a vast number of users, highlighting the vulnerability of even the most robust systems. The incident underscored the critical need for businesses to have strong cybersecurity measures in place, not only to prevent attacks but also to ensure quick recovery from unforeseen failures.
“It won’t happen to us”
The financial impact of IT downtime is staggering. According to a report from MSN, companies are losing billions every year due to IT downtime. This loss is not just due to ransomware but also from unexpected system failures, like the one experienced by CrowdStrike. Despite these recurring issues, many organisations are not improving their ability to fix such problems promptly.
However, the facts show that the chance of downtime is increasing, with the ‘it’s not if, it’s when’ mantra commonplace amongst cyber security experts.
- Small businesses are often the prime targets for malicious emails, with 1 in 323 being harmful. The average office worker receives 121 emails per day. (1)
- One-third of small businesses with 50 or fewer employees rely on free, consumer-grade cybersecurity solutions. (2)
According to the Hiscox Cyber Insurance Readiness Report 2023:
- Cyber attacks rose for the third year running – 53% of firms suffered a cyber attack of some sort up from 48% last year
- One-in-eight attacked businesses suffered costs of £200,000 or more
- In three years, the proportion of firms attacked with less than ten employees rose by more than half to 36%
- One-in-five firms received a ransom demand but those paying fell from 66% to 63% – less than half of those that paid recovered all data (3)
These statistics emphasise the critical need for robust cybersecurity measures and quick incident response protocols.
This recent event has served as a wake-up call for businesses to reassess their IT strategies. It is crucial to invest in robust protective measures, proactive threat detection, and swift incident response protocols. Many organisations operate under the false assumption that “it won’t happen to us” until it does. The CrowdStrike outage is a powerful reminder that downtime can strike any business, at any time.
Who is Responsible?
It’s essential to have clear accountability within your organisation for managing cybersecurity risks. Typically, the IT Lead is responsible for the overarching cybersecurity strategy. However, every employee has a role to play in maintaining security protocols and reporting suspicious activities.
As Microsoft advises,
“In the event of an outage or disruption to the Service, you may temporarily not be able to retrieve Your Content. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”
This highlights the importance of regular data backups and having a well-defined disaster recovery plan in place.
Lessons Learned and Moving Forward
The disruption experienced during the CrowdStrike failure serves as a sobering reminder of the critical need for robust protective measures. To mitigate the risks associated with IT downtime, businesses should consider the following steps:
- Invest in Robust Cybersecurity Infrastructure: Ensuring that your systems are protected against both external threats and internal failures.
- Implement Proactive Threat Detection: Continuously monitor for potential vulnerabilities and address them before they can cause harm.
- Develop Swift Incident Response Protocols: Have a clear and practised plan for responding to IT incidents to minimise downtime and recovery time.
- Cybersecurity Accountability: Clear accountability in managing cybersecurity risks is crucial, typically led by the IT Lead, but ensuring there is no single point of failure.
Conclusion
In conclusion, the CrowdStrike outage has provided valuable lessons on the cost of downtime. No one thinks it will happen to them—until it does. By learning from these experiences and taking proactive measures, businesses can better safeguard their operations and minimise the financial and operational impact of future disruptions.
As a Managed Service Provider (MSP), we are committed to providing and maintaining secure and resilient IT infrastructures. If ever there was a wake-up call required around the impact of downtime, last week provided a stark reminder. If you are interested in mitigating the risk of downtime, and want a no obligation discussion around email security, backup & disaster recovery, or security awareness and testing for staff, please fill in this form.
Stay Secure.
- Symantec Security Center
- New Study Reveals One In Three SMBs Use Free Consumer Cybersecurity And One In Five Use No Endpoint Security At All (prweb.com)
- Cyber-Readiness-Report-2023-UK.pdf (hiscox.co.uk)
Recent Comments