The global CrowdStrike IT outage served as a stark reminder that even non-malicious cyber incidents can have serious repercussions. This event underscored the urgent need for robust cyber resilience strategies to safeguard business operations. At uComply, we believe that learning from such incidents is crucial for enhancing our cybersecurity posture. Here are five key lessons from the CrowdStrike outage that can help organizations build sustained cyber resilience.
1. Put Incident Response Plans to the Test
Having a well-prepared and defined incident response plan is crucial for mitigating the impacts of IT disruptions and cyber attacks. However, the true measure of a plan’s effectiveness is how it performs when tested in real-world scenarios. The CrowdStrike outage provided businesses with an opportunity to evaluate the efficacy of their plans and identify areas for improvement.
A key factor in an incident response plan is knowing when it should be activated. The outage demonstrated the need for clear activation thresholds that are understood by high-level decision-makers. This ensures that the plan is triggered appropriately, minimizing business impact and maintaining operations. Regularly testing and refining incident response plans can help organizations stay prepared for future incidents.
2. Consider Legal Implications and Consequences
Accurately assessing the type and extent of loss is foundational to a successful mitigation and recovery strategy. This includes initial revenue losses, business interruption, and potential future losses, such as legal and regulatory exposures. Identifying these losses early and monitoring them consistently will significantly influence overall recovery strategies.
Customer-facing communications must be managed with care, ideally guided by legal advice and input from key decision-makers. Responsive, transparent, and legally compliant communication helps maintain trust and manage expectations. Additionally, organizations should ensure they have backup communication channels in place to address overreliance on a single provider.
3. Understand Cyber Coverage and Claims
The insurance risk transfer market’s initial response to the CrowdStrike outage was to classify it as a system failure event, which is typically not covered under cyber insurance policies. However, coverage could be available under other policies, such as errors & omissions and directors and officers (D&O) liability. Events like the CrowdStrike outage should be viewed broadly, considering all possible insurance implications.
Organizations should review their insurance policies to understand the coverage available for different types of incidents. This includes assessing policy terms and conditions, waiting periods, retentions, and other features that may apply. Being well-informed about insurance coverage can help organizations navigate the claims process more effectively.
4. Define Claims and Gather Evidence
After the initial incident response, the focus will likely shift to recovery and claims. Insurers will require evidence and detailed information about the impact of the incident and the responses to it. To do this effectively, organizations should:
- Record the time of impact on systems.
- Identify impacted systems and observe how they affected business operations.
- Document operational impacts with precision, noting the duration and mitigation steps taken.
- Assess policy terms and conditions to understand coverage.
- Define key stakeholder roles for the claims process and agree on messaging.
- Quantify the impact by capturing financial losses and logging incremental expenses.
It is the responsibility of the insured to present their losses to insurers, so thorough documentation is essential.
5. Strengthen Business Resilience in Response to the CrowdStrike Outage
Conducting a thorough risk assessment in the aftermath of the CrowdStrike outage is essential. This helps organizations identify and understand vulnerabilities in existing incident response plans and devise strategies to mitigate future incidents. Understanding organizational risk exposure is the first step toward effective mitigation.
Although the business and operational impact of the CrowdStrike outage was limited for many organizations, this may not be the case for future incidents. Ensuring long-term cyber resilience means learning from such incidents and implementing these lessons in future plans. By proactively addressing vulnerabilities and improving resilience strategies, businesses can better prepare for and mitigate the impacts of future events.
Conclusion
The CrowdStrike outage serves as a critical learning opportunity for organizations to enhance their cyber resilience. By putting incident response plans to the test, considering legal implications, understanding cyber coverage, defining claims processes, and strengthening business resilience, organizations can better navigate the complex landscape of cybersecurity.
At uComply, we are committed to helping organizations build robust cybersecurity measures that align with their strategic goals. For more insights on how to enhance your cyber resilience, please contact us.