
Defaulting to open: Decoding the (very public) CrowdStrike event

The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps

We live in an era of cyber ‘incidents,’ from WannaCry to MOVEit. However, it’s undeniably rare that a vendor finds themselves at the epicentre of such an incident in such a big way. Enter CrowdStrike. While it’s crucial to note that the CrowdStrike IT outage was not a cyber incident, it thrust CrowdStrike into the global spotlight and forced the world to ask: are we too reliant on some organisations? What would happen if this sort of thing did happen because of a cyber attack?

The immediate aftermath of an incident of this kind (and magnitude) has people demanding answers, responsibility, and accountability. This is a very human response in moments of crisis. Understanding the root causes of failures is essential for building a more resilient community. For cyber security professionals, in the wake of any cyber, IT, or more broadly, tech-related incident, there’s a period of reflection and an urge to understand root causes. Understanding those causes helps us map any lasting impact and put prevention and response plans in place.

The recent IT outage, while not a traditional cyber security breach, underscores the criticality of secure software development. The reliance on a handful of companies for essential infrastructure concentrates third-party risk into single points of failure, which is exceptionally risky.

CISA's Secure By Design pledge is a step in the right direction for safe software development, encouraging organisations to prioritise security in their development processes. However, industry-wide adoption requires a combination of regulation, government guidance, and collaborative efforts. Building security by design is essential, especially due to the challenges associated with retrofitting existing systems. While building securely may not at first seem the fastest or cheapest in production, it is a responsibility that cannot be ignored, especially as it usually saves costs and time in the long run.

While there are certainly security considerations when understanding an event such as this, there’s also the crisis communication side for providing damage control when it comes to customers, partners, and stakeholders. The way a crisis is handled in and out of the public eye can make or break a company’s future.

I think CrowdStrike handled the incident well. Why? Because the company was transparent. CrowdStrike focused on moving forward instead of finger pointing. By releasing regular statements and a granular post-incident investigation report, CrowdStrike also kept the wider community, as well as customers and partners, in the loop. The reporting also acknowledges that the situation is ongoing by not oversharing whilst also outlining why certain decisions were made. In cyber security, too much happens under the cloak of secrecy, so transparency is essential in these situations.

On the other hand, CrowdStrike seems to be engaging with the community in a more modest way in the wake of the incident. Accepting the ‘Most Epic Fail’ Pwnie award at DEF CON this year is one way to accept egg on its face, albeit a rather novel one. Whilst this does not negate the gravity of the situation, it does show, strategically, the approach CrowdStrike is taking to rebuilding its reputation within the community.

One thing’s for certain: we, as an industry, need to default to transparency (and not just in times of crisis). Openness is crucial for security, stakeholder satisfaction, and resilience.

Elliott Wilkes is CTO at Advanced Cyber Defence Systems. A seasoned digital transformation leader and product manager, Wilkes has over a decade of experience working with both the American and British governments, most recently as a cyber security consultant to the Civil Service.
