On July 19, 2024, a major global digital catastrophe unfolded as a faulty Windows update led by cybersecurity firm CrowdStrike’s Falcon software caused widespread system crashes and service disruptions across vital sectors in over 20 countries.
This incident has exposed the deficiencies of Microsoft and its partners in product stability and risk management. Security software, which should be the first line of defense against cyber threats, has become the cause of system crashes unexpectedly. Therefore, security vendors must not only focus on defending against cyber-attacks but also pay attention to the stability of their own systems.
From this incident, we also have the following recommendations for organizations:
Assume the Inevitable
Organizations must recognize that cyber incidents are not a matter of “if” but “when”. Preparing for the worst during peacetime is crucial to ensure swift recovery and minimal disruption. This includes conducting regular asset inventories, including third-party assets, to have a comprehensive understanding of the potential vulnerabilities within the system. Continuous threat exposure management is also essential, ensuring that the organization remains vigilant and proactive in identifying and mitigating risks.
Robust Testing Protocols
Regular and rigorous testing, including red-teaming exercises, should be prioritized. This proactive approach helps identify vulnerabilities and reinforces defenses before incidents occur.
Internal Process Control
Strengthening internal controls and processes is key. Comprehensive testing and validation of software updates before release are necessary to maintain functionality, stability, and security.
Supplier Quality and Reliability
- Track Record: It is crucial to select suppliers who have a demonstrated history of delivering quality and reliable products and services.
- Quality Management: Suppliers must follow stringent quality management protocols and be committed to continuous improvement to safeguard the integrity of the software supply chain.
- Compliance: Ensure that suppliers comply with industry standards and regulations, which is vital for maintaining a secure and trustworthy supply chain.
- Transparency: Increase supply chain visibility by establishing an information sharing platform that facilitates real-time communication and coordinated risk management.
- Technology Review and Testing: Implement thorough reviews and testing procedures for new technologies and third-party updates to guarantee their stability and security, thereby preventing the introduction of new risks into the system.
- Diverse Technology Ecosystems: Relying on multiple vendors and systems can distribute dependencies, reducing the impact of any single point of failure and compensating for the technological shortcomings of a single vendor. For instance, integrating NSFOCUS Threat Intelligence (NTI) into your organization’s security strategy can enhance proactive cyber threat defense capabilities. NTI is a truly global subscription service, inclusive of intelligence from China, that bolsters your security posture.
Business Continuity Plans (BCP)
Up-to-date BCPs are essential. Regularly practicing these plans through tabletop exercises (TTXs) ensures readiness and resilience in the face of unexpected disruptions.
Agile Incident Response
Organizations should be agile in their incident response, assuming that breaches will happen. Having a well-thought-out plan and practicing it regularly can minimize the impact of any security event.
In the digital age, cybersecurity is not an optional add-on but a fundamental component of business strategy. Organizations that prioritize security and resilience can not only protect themselves but also use these capabilities to empower their operations and emerge stronger in the face of challenges.
