rocketwise

What Happened? 

CrowdStrike, a well-known cyber security company, released an update for its Falcon Sensor software that inadvertently caused severe disruptions. According to Microsoft, this faulty update affected approximately 8.5 million Windows devices globally. The event, now called the “CrowdOut Event,” sent shockwaves through the IT and cyber insurance industries after disrupting services and sectors, including airlines, online transactions, cash machines, and even card payments.  

What made this particularly nasty? 

One thing that made this event difficult to resolve was that it required the removal of the corrupted update file from each machine. Though normally a simple task, it was complicated by one factor – the affected machines would not boot into a normal working mode. If you attempted to start an affected machine, you would just get the blue screen of death, so you couldn’t simply fix this en masse by remotely controlling machines.

Though machines could not boot into normal mode, they could boot to safe mode. On the surface, this seems great. However, working with safe mode usually means you have to put physical hands on the machine to do anything.  

This meant that a company with a decent number of devices, more than one location, and/or remote workers had to deal with the extended time it took to touch each computer to remove this one file.

The Impact  

This challenging fix quickly turned into downtime that cost companies money in committed expenses (payroll – people sitting unable to do their jobs, etc.), lost revenue, and the cost of hiring people to fix the problem.

CyberCube, a specialist in modeling cyber risks, has provided a preliminary estimate of the financial impact on the standalone cyber insurance market. The losses are anticipated to fall between $400 million and $1.5 billion (about $5 per person in the US). This range makes the CrowdOut Event one of the largest single-insured loss events in the history of the cyber insurance industry. 

To put this in perspective, the loss ratio impact on global cyber premiums, which amount to $15 billion (about $46 per person in the US) today, is roughly 3-10%.  

What This Means for You 

First and foremost, if you are a client of rocketwise, rest assured that your systems are not directly impacted by this issue, as we do not use CrowdStrike software. However, it’s important to be aware of the potential ripple effects. Other vendors you rely on could be affected by this disruption, potentially leading to indirect impacts on your operations. 

But we’ve also learned a lesson, as every good IT professional should! One of the things we have done to reduce any future impact of similar events is to make sure machines under our management are now configured for safe mode with networking. Simply put, this means that our remote access tools can still be used even when a PC is in safe mode.

This means that in a similar event, a user could be directed to boot their PC into safe mode. Then while in safe mode, our remote access tools would start up and communicate back to us so that we can remotely execute any fixes needed.  

So, using the case of CrowdStrike, the fix was to delete a specific file. We’ve set up a solution that could automate the fix, so that in a comparable situation, as soon as a problem PC came online in safe mode, the file would be deleted and the PC would then reboot into normal mode.
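One way the two pieces described above could fit together, as an added example that is not rocketwise's actual tooling: a one-time preparation step that lets a remote access agent start in Safe Mode with Networking, and a fix routine the agent runs when a machine checks in from safe mode. The service name, folder, file pattern and log path are placeholders.

```powershell
#Requires -RunAsAdministrator
param([switch]$Prepare)   # -Prepare: run once on a healthy machine

# All four values below are placeholders, not taken from the article.
$AgentService   = 'ExampleRmmAgent'
$BadFileDir     = 'C:\Path\To\VendorDriverFolder'
$BadFilePattern = 'PLACEHOLDER-faulty-update*.sys'
$LogFile        = 'C:\ProgramData\ExampleMsp\safemode-fix.log'

function Enable-SafeModeNetworkService {
    param([Parameter(Mandatory)][string]$Name)
    if (-not (Get-Service -Name $Name -ErrorAction SilentlyContinue)) {
        throw "Service '$Name' is not installed on this machine."
    }
    # Windows starts a service in Safe Mode with Networking only if it has
    # a subkey here whose default value is the string 'Service'.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\$Name"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name '(default)' -Value 'Service'
}

function Invoke-SafeModeFix {
    # SAFEBOOT_OPTION exists only in safe mode (MINIMAL or NETWORK).
    if (-not $env:SAFEBOOT_OPTION) { return 'Normal boot: nothing to do.' }

    $targets = @(Get-ChildItem -Path $BadFileDir -Filter $BadFilePattern -File -ErrorAction SilentlyContinue)
    if ($targets.Count -eq 0) { return 'Safe mode, but no matching file: leave for a technician.' }

    New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null
    foreach ($file in $targets) {
        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        Add-Content -Path $LogFile -Value "$(Get-Date -Format o) removed $($file.FullName)"
    }
    # Clear a persistent safe-boot flag if msconfig/bcdedit set one; the
    # command fails harmlessly when the flag is absent.
    & bcdedit.exe /deletevalue '{current}' safeboot 2>$null | Out-Null
    & shutdown.exe /r /t 5 /c 'Faulty update file removed; restarting normally.'
    return "Removed $($targets.Count) file(s); reboot scheduled."
}

if ($Prepare) { Enable-SafeModeNetworkService -Name $AgentService }
else          { Invoke-SafeModeFix }
```

Services listed under `SafeBoot\Network` run while much third-party security tooling is not loaded, so keep that list to the one agent you need and alert on unexpected changes to the key.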

Industry Reactions 

The cyber insurance industry is closely monitoring the situation. Different firms have varying estimates of the financial fallout. For instance, Parametrix, a provider of cloud monitoring and insurance services, estimates insured losses between $540 million and $1.08 billion (about $3 per person in the US).  

Moving Forward 

This event underscores the importance of robust cyber security measures and the need for comprehensive insurance coverage to mitigate such risks. While the CrowdOut Event is significant, it also serves as a reminder of the potential scale of cyber threats and the need for preparedness in the face of such incidents. 

The CrowdStrike incident highlights the vulnerabilities present in many supply chains. Although CrowdStrike has confirmed no malicious intent and responded quickly, the disruption was significant and the damage extensive. This raises concerns about the potential impact of a future global cyber incident with malicious intent and no immediate solution. Such an event could cause even greater interruptions and pose a much more significant threat to the cyber security posture of numerous organizations that didn’t feel the impact of CrowdOut. 

We don’t want to scare you, but to put this into perspective: despite the significant financial impact, this event does not reach the extreme scenarios modeled by cyber insurers, which can envision losses up to 234% in more catastrophic events occurring once every 200 years. This is just a reminder that cyber security is business critical in today’s connected world.

  

There are things that all companies should consider: 

  • Implement ongoing testing and training: Don’t just rely on an annual cyber security review – bad things can hang out in your IT environment for months without being detected if you don’t regularly scan. Training your team members to know what to do and not do with their IT is critical, as people, without knowledge, are often our weakest link. 
  • Conduct thorough analysis and validation of IT cyber security practices: Run comprehensive system analysis, stress testing, and validation to identify potential failure points. 
  • Prioritize long-term investment in technology: Allocate resources for ongoing technology upgrades and maintenance to prevent underinvestment impacts that could lead to weak points in your IT environment. 
  • Continual learning: You need to be working with an IT support company that is moving at the same pace that the industry is changing or being challenged. 

  

Stay Informed and Prepared 

With prompt planning and readiness for high-risk cyber events, together with a thorough understanding of the cyber threat scenarios most likely to impact your value chain, it’s time to proactively recognize the potential pain points and get ahead of the threats specific to the equipment dealership industry.  

If you are a client of rocketwise, we are committed to undertaking this work with you. For us, it’s about being proactive with monthly reviews and even scenario testing. By quantifying the magnitude of the inherent risks, such as reliance on third-party software and operational continuity, and then prioritizing the available mitigation options, you can understand the financial impacts a cyber incident might have and what you need within your IT environment to meet those risks.

If you have concerns or need more information about this event or its potential impacts, please contact us. Your IT security and operational continuity are our top priorities.