CrowdStrike outage one year on: What have we learned?

July 19 marks one year since the CrowdStrike IT outage, which brought down an estimated 8.5 million computers worldwide and caused mass disruption for organisations across the globe. But what did the incident teach us, and, most importantly, are we any more resilient today than we were on that fateful day 12 months ago? Here, experts at Beyond Blue and Acumen Cyber discuss the key learnings from the outage and answer the all-important question: could a similar incident happen again today?

David Ferbrache OBE, managing director at Beyond Blue and former head of cyber and space for the MoD:

“The CrowdStrike incident highlighted the impact that a single IT issue could have worldwide.

It caused many organisations to review their change processes around production systems and ask which third parties could unilaterally trigger change.

But could a similar incident happen again?

Too often, there’s still an assumption that the digital perimeter ends at the edge of the organisation, when in reality, critical service providers have deep, privileged access that can bypass internal controls altogether. In an era of ‘zero trust’ and constant cyber threat, the idea that poorly vetted software updates can cascade across global networks should have triggered urgent reform, but all too quickly we move on and it becomes yesterday’s news. 

On the positive side we are seeing a greater focus on resilience from regulators and the government, based on the assumption that these unlikely, but still plausible, events could trigger major disruption.

The UK’s long awaited Cyber Security and Resilience Bill, and the financial sector Critical Third-Party regime, are intended to improve the security and resilience of third parties, and with that the resilience of the critical infrastructure operators who depend on them.

It will take time, and international politics will be in play as companies lobby. It’s a fine balance to strike: at a time when politics is shifting towards deregulation to reduce burdens on business, it is all too tempting to ignore these systemic risks – complex and messy as they are to address.

While the CrowdStrike incident was caused by inadequate change controls and testing, it could just as easily have been triggered by a cyber attack, as we saw only too clearly in the SolarWinds incident in 2020.

Geopolitical tensions have not eased over the past five years; if anything, the risk of systemic disruption has increased in both likelihood and potential impact.

So, while it is not easy to solve, getting the right regulatory framework in place to address third party systemic risks matters. It has become an issue of national security.

On this anniversary we must ask ourselves… could it happen again… yes… have we learnt from the incident… perhaps… do we need to do more… definitely.”

Peter King, principal consultant at Acumen Cyber:

“It’s hard to believe it’s been one year since the world was thrust to a halt amidst the CrowdStrike outage.

It was undoubtedly one of the biggest IT incidents the world has ever faced, highlighting the systemic vulnerabilities that exist within our increasingly connected digital world.

However, the event also left some important lessons.

Firstly, teamwork, transparency and communication mean everything in cyber.

Even amidst the chaos, CrowdStrike was praised for its communication efforts around the incident.

Information was communicated to IT teams and channel partners at rapid speed, enabling everyone to step into effective action immediately.

There was no room for speculation, disinformation or mulling around. Communication and transparency were exemplary, significantly supporting impacted organisations.

However, teamwork and collaboration across industries also stood out. Internally, Acumen quickly adopted an ‘all hands on deck’ attitude and helped to support customers to a point of recovery for tens of thousands of installations.

This approach was echoed globally within the cyber and IT community, which became united in offering services far and wide. I even saw posts on Reddit with MSPs offering their services for free to help support businesses, regardless of their location.

While the incident wasn’t malicious, it did provide some important lessons for organisations in cyber.

Incident response planning is essential in helping organisations rehearse their response to attacks and support recovery efforts. Furthermore, transparency is crucial in the wake of breaches, as this allows organisations to take effective mitigation steps quickly.

While the event was a hard-earned lesson that no one wanted, the biggest mistake we can make today is not taking these learnings and using them to make tangible improvements to our cyber and digital resilience moving forward.”
