3 lessons from the CrowdStrike crash

The not so obvious lessons from the CrowdStrike crash.

It's been weeks since a single file broke Windows. Here are 3 not-so-obvious lessons from the CrowdStrike crash.

17 days ago, a software bug in CrowdStrike took down airport check-in counters and IT systems, causing disruptions around the world.

I wrote about it then:

But as I read multiple news reports and dug into the intricacies of cybersecurity software with CISOs, some less obvious facts became apparent.

Here are 3 lessons we can learn from the CrowdStrike crash.

  1. Firms recovered at different speeds

The first thing that became apparent was how everyone recovered at a different pace.

Some recovered the same evening; others took until the next day. A few were still struggling on Monday. It boils down to:

  • Robust disaster recovery plans.
  • Adequate manpower.
  • Leadership.

The top US airlines are a particularly noteworthy study here due to their scale and visibility.

  2. The importance of staggered rollouts

Some have pointed out that software updates should always be staged across smaller pools of systems.

In CrowdStrike's case, the updates unfortunately belonged to a category of updates that ignores pre-configured groups or deferred rollouts.

The point remains valid, however - the incident validates the importance of staggered rollouts.

  3. The cost of resilience: Pay now or pay later

It is noteworthy that not every organisation using affected systems was as badly hit.

There were reports of call centres switching to backup systems. And from what I read, even one airline apparently had a parallel system in place.

My conclusion? You either pay the price of resilience earlier, by deploying redundant or backup systems, or you pay later when disaster strikes.

Bonus: Don't count on insurance

And in case you were wondering, reports note that the vast majority of damages from the outage will go uninsured:

  • The outage does not fall within the definition of cyberattacks.
  • CrowdStrike's terms also limit payouts.

It might be time for enterprises to relook their disaster recovery plans and IT resilience.