3 lessons from the CrowdStrike crash
The not so obvious lessons from the CrowdStrike crash.
It's weeks since a single file broke Windows. Here's 3 not so obvious lessons from the CrowdStrike crash.
17 days ago, a software bug in CrowdStrike took down airport check-in counters and IT systems, causing disruptions around the world.
I wrote about it then:
But as I read multiple news reports and dug into the intricacies of cybersecurity software with CISOs, some less obvious facts became apparent.
Here are 3 lessons we can learn from the CrowdStrike crash.
- Firms recovered at different speeds
The first thing that became apparent was how everyone recovered at a different pace.
Some recovered the same evening; others took until the next day. A few were still struggling on Monday. It boils down to:
- Robust disaster recovery plans.
- Adequate manpower.
- Leadership.
The top US airlines are a particularly noteworthy study here due to their scale and visibility.
- The importance of staggered rollouts
Some have pointed out that software updates should always be staged across smaller pools of systems.
In CrowdStrike's case, the updates unfortunately belonged to a category of updates that ignores pre-configured groups or deferred rollouts.
The point remains valid, however - the incident validates the importance of staggered rollouts.
- The cost of resilience: Pay now or pay later
Despite using affected systems, it is noteworthy that not every organisation was as badly hit.
There were reports of call centres switching to backup systems. And from what I read, even one airline apparently had a parallel system in place.
My conclusion? You either pay the price of resilience earlier, by deploying redundant or backup systems, or you pay later when disaster strikes.
Bonus: Don't count on insurance
And in case you were wondering, reports note that the vast majority of damages from the outage will go uninsured.
- Not falling within the definition of cyberattacks.
- CrowdStrike terms also limit payouts.
It might be time for enterprises to relook their disaster recovery plans and IT resilience.