Techaisle Blog
When Security Falters: A Single Update Exposed SMB Fragility and the Need for Resiliency
A recent update from CrowdStrike caused a widespread outage, termed the largest in history. The IT outage highlighted the vulnerability of SMBs to large-scale tech outages and their dependence on third-party IT services. It also underscored the need for better preparedness and potentially more diverse IT ecosystems to mitigate such risks in the future. Cybercrime is predicted to cost $14.57 trillion globally in 2024, and it would be the world's third-largest economy after the US and China. This underlines the importance of robust cybersecurity. The incident raises a concerning question: what happens when the guardians become the source of disruption? The CrowdStrike-related outage was not caused by a cyberattack, but rather by a defect in a software update, highlighting the importance of operational resilience beyond just cybersecurity measures. Analysts estimate the global cost of this outage to be as high as $24 billion as of now.
Uneven Recovery for SMBs
A Techaisle survey of 600 small businesses indicates that 34% expect customer reputation damage and 23% anticipate significant bottom-line impacts due to operational challenges. Logistics complications from inventory management to shipment tracking caused business friction. Communication issues with clients, suppliers, and staff led to delays and missed opportunities, while financial activities like processing payments and managing invoices suffered. Some businesses also faced customer service obstacles, leading to customer dissatisfaction and reputational harm.
The recent CrowdStrike outage has highlighted the essential need for dependable tech in today’s businesses and the severe impact that short downtimes can have, especially on SMBs. It's a stark reminder of the importance of solid IT frameworks and contingency planning. Small businesses suffer disproportionally during such outages due to leaner cyber defenses and limited personnel, which are significant hurdles when crises strike. The manual resolution required here spotlighted these weaknesses. Small IT teams, typically stretched thin with various duties, found it tough to manage the fix across several devices, leading to overtime work to fix crucial operations.
The service disruption provided an opening for cybercriminals to take advantage of smaller companies' weaknesses. Due to CrowdStrike's compromised security, phishing attacks increased. Official alerts from CISA and CrowdStrike highlighted harmful tactics such as fake CrowdStrike support emails, deceptive phone calls with fraudulent fixes, and impersonators acting as researchers suggesting false claims of a breach. Small and medium-sized businesses, generally without the extensive security training larger companies have, were particularly vulnerable to these scams. The disruption wasn't limited to security software; it also impacted small and medium-sized businesses (SMBs) that utilize Microsoft Cloud services. As the update affected these services, smaller enterprises, which typically don't have advanced tools to identify and resolve such intricate problems, faced increased difficulties.
The Recovery Challenge
The outage presents a unique challenge because security software, by design, requires deep access to system functions for optimal protection. Unfortunately, this double-edged sword means the malfunctioning update can't be patched remotely. Recovering affected devices requires manual intervention on each machine, a time-consuming process that could take days for large organizations with thousands of endpoints. Technicians face the daunting task of physically rebooting each affected computer and potentially entering a specific safe mode to remove the problematic file. While effective for individual machines, this hands-on approach becomes a logistical nightmare when dealing with a large-scale outage. The sheer number of systems requiring individual attention translates to significant business downtime, potentially leading to lost productivity and financial repercussions.
Need for a Conclusive Action Plan for SMBs
The patchy rebound of SMBs during system disruptions highlights the need for operational resilience. According to the Techaisle survey, 85% of SMBs are now prioritizing resilience as a way to lessen business risks. Indeed, 62% of SMBs equate operational resilience with business stability. Resilience is central to an SMB's robustness, linking cybersecurity, business continuity, and overall readiness. It's not simply about protection; it's about recovering swiftly from any emergency, whether that's a cybersecurity threat, natural calamity, financial slump, or cloud service interruptions. By including measures for prevention, response, and recuperation, resilience keeps business operations smooth even during turbulent times. This inclusive strategy not only preserves business activities but also secures critical data and strengthens consumer confidence. Techaisle has proposed several vital actions that SMBs can implement to lessen the consequences of potential outages:
Opt for a Best-of-Breed Approach: According to SMB research by Techaisle, 64% prefer using specialized best-of-breed solutions while 36% lean towards an all-encompassing end-to-end platform. When SMBs adopt a best-of-breed approach, it allows them to develop a robust security posture. This strategy requires choosing the most efficient tools from different providers to meet distinct needs, thereby offering wider protection and reducing reliance on a single vendor. Such diversification betters the overall scope of security and lowers the chances of being restricted to one supplier. The best-of-breed method also provides the agility needed to respond to changing security threats by enabling companies to update or incorporate additional solutions when necessary.
Creating Incident Response Strategies: Research from Techaisle reveals that 42% of small and medium-sized businesses lack an incident response plan. A distinct and thoroughly outlined plan is essential in these scenarios, guiding the team's actions. This strategy should delineate specific duties for those responsible for detection, remediation, and stakeholder communication. Additionally, it needs to set communication standards to guarantee cohesive and efficient collaboration among team members during resolution efforts.
Improved Data Backup and Recovery Strategies: The event highlights the critical need for robust data backup and recovery measures. Small and midsize businesses ought to emphasize the development of a backup plan that regularly saves essential data to a protected remote site, allowing for quick restoration during downtime. This might mean utilizing both onsite backups and cloud services.
Developing a Robust Support System: Establishing connections with reliable cybersecurity allies can offer critical assistance and skill during security events. A trusted circle of partners equips SMBs to draw on their proficiency and insight, ensuring a quicker and more efficient reaction to disturbances.
Techaisle Take
CrowdStrike, a cybersecurity giant ranked second by market capitalization, offers a comprehensive suite of security solutions, including endpoint protection, threat intelligence, and cyber-attack response. Their flagship product, the Falcon platform, integrates deeply with Microsoft operating system to provide real-time threat detection and prevention. With its extensive reach across various industries and market segments, CrowdStrike had become synonymous with robust cybersecurity.
As the cybersecurity community reflects on recent events, there's talk of impending changes. A major topic is the resilience of cloud services and the potential impact of single updates that have the power to halt worldwide operations. This situation serves as a sharp reminder about the importance of thorough testing and validation before deploying software updates to avoid such far-reaching consequences.
CrowdStrike is now tasked with the challenge of rebuilding customer trust after taking a hit to their reputation. In the forthcoming period, they'll need to ramp up efforts to repair the damage. Clear communication and transparency will be vital to steer through this ordeal and restore user confidence.
For clients, especially small and medium-sized businesses, the downtime was an alarming revelation, exposing the risks of depending solely on one security provider. It accentuates the need for adopting a "best-of-breed" strategy for diversified security measures, complemented by solid incident response strategies and dependable data backup and recovery plans. Above all, it serves as a reminder of the necessity for resilience and reinforces that being prepared is essential for enduring any crisis.
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.