1 in 10 orgs dumping their security vendors after CrowdStrike outage
- Reference: 1726762386
- News link: https://www.theregister.co.uk/2024/09/19/german_crowdstrike_reaction/
- Source link:
Four percent of organizations have already abandoned their existing solutions, while a further 6 percent plan to do so in the near future. It wasn't explicitly said whether this referred to CrowdStrike's Falcon product specifically or was a knee-jerk reaction to security vendors generally.
One in five will also change the selection criteria when it comes to reviewing which security vendor gets their business.
[1]
The whole fiasco [2]doesn't seem to have hurt the company much though, at least not yet.
[3]
[4]
The findings come from a report examining the experiences of 311 affected organizations in Germany, published today. Of those affected in one way or another, most said they first heard about [5]the issues from social media (23 percent) rather than [6]CrowdStrike itself (22 percent).
The report also revealed that half of the 311 surveyed orgs had to halt operations – 48 percent experienced temporary downtime. Ten hours, on average.
[7]
Aside from the obvious business continuity impacts, this led to various issues with customers too. Forty percent said their collaboration with customers was damaged because they couldn't provide their usual services, while more than one in ten organizations didn't even want to address the topic.
The majority of respondents (66 percent) said they will improve their incident response plans in light of what happened, or have done so already, despite largely considering events like these as unavoidable.
"There will never be a 100 percent protection against IT security incidents in the future. Nevertheless, we aim to get as close to 100 percent as possible," [8]said Claudia Plattner, BSI president.
[9]
"To achieve this, the BSI is in close collaboration with CrowdStrike, Microsoft, and other software manufacturers to improve the quality of their software and software updates. Additionally, companies must and can increase their resilience through preventive measures, making them more resistant to IT security incidents.
[10]Post-CrowdStrike catastrophe, Microsoft figures moving antivirus out of Windows kernel mode is a good idea
[11]CrowdStrike hopes legal threats will fade as time passes since it broke the world
[12]House to grill CrowdStrike exec on epic IT meltdown... no, not the CEO
[13]CrowdStrike's meltdown didn't dent its market dominance … yet
"It is important to give users the greatest possible control over update processes. Furthermore, the survey results also show that well-practiced IT emergency concepts must be an important component of any crisis preparedness."
One curiosity of the report was the focus on CrowdStrike customers' attitude towards applying security updates post-breakdown.
More than half said they want to install updates more regularly, despite the speed at which updates are applied not being a relevant factor in this case.
CrowdStrike pushed its [14]faulty Falcon sensor update , in the form of a channel file, via an automatic cloud update. Even if the update was applied manually, doing so at rapid speed – before seeing how it affected other users – would have been worse for the organization, not better.
Regardless, with the number of urgent patch warnings we and the infosec community dish out every week, it's probably a net positive, even if it's slightly misguided.
The BSI was quick to say this survey isn't representative of the entire country, given the sample size, "but it does provide a meaningful picture of the mood for affected companies in Germany."
Ralf Wintergerst, president at Bitkom, which carried out the research, said: "The IT outages and their consequences demonstrate the outstanding importance of digital technologies for our economy and society. This time it ended relatively harmlessly, also thanks to the joint efforts of businesses and authorities, with the support of CrowdStrike and Microsoft. However, it must serve as a warning for us.
"We urgently need to further improve our cybersecurity and require corresponding in-house expertise in companies and authorities – only in this way can we better protect ourselves against unintended outages or targeted attacks and become more digitally sovereign."
The [15]July outage impacted organizations in multiple industries across the world from [16]healthcare to transport , [17]bricking 8.5 million PCs .
The US House Homeland Security Committee is [18]set to grill an exec over the debacle next week ... although CEO George Kurtz will not be the one providing public testimony. ®
Get our [19]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZuyfA_IJtK6Z1C2LyfkQggAAAZQ&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://www.theregister.com/2024/08/29/crowdstrikes_q2_earnings/
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZuyfA_IJtK6Z1C2LyfkQggAAAZQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZuyfA_IJtK6Z1C2LyfkQggAAAZQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://forums.theregister.com/forum/all/2024/07/19/admin_crowdstrike_update_mess/
[6] https://www.theregister.com/2024/09/09/crowdstrike_legal_threats/
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZuyfA_IJtK6Z1C2LyfkQggAAAZQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[8] https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2024/240919_BSI-bitkom_Crowdstrike-Umfrage.html
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZuyfA_IJtK6Z1C2LyfkQggAAAZQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[10] https://www.theregister.com/2024/09/13/microsoft_is_updating_windows_to/
[11] https://www.theregister.com/2024/09/09/crowdstrike_legal_threats/
[12] https://www.theregister.com/2024/09/02/crowdstrike_vp_house_subcommittee/
[13] https://www.theregister.com/2024/08/29/crowdstrikes_q2_earnings/
[14] https://www.theregister.com/2024/07/23/crowdstrike_failure_shows_need_for/
[15] https://www.theregister.com/2024/07/19/crowdstrike_falcon_sensor_bsod_incident/
[16] https://www.theregister.com/2024/07/19/crowdstrike_shares_sink_as_global/
[17] https://www.theregister.com/2024/07/25/crowdstrike_timeline/
[18] https://www.theregister.com/2024/09/02/crowdstrike_vp_house_subcommittee/
[19] https://whitepapers.theregister.com/
If that's a relatively harmless outage
What does a relatively harmful one look like ?
Can optical internet cables actually burn ?
To say that 8.5 million PCs were "bricked" is I think overstating the case, and poor journalism.
The usual take on "bricked" is that the device is not recoverable by something as painless as one file deletion and a couple of reboots.
Bricked means more like (at a minimum) replacing a component such as a ROM chip to get the thing back on the air.
I'm not saying that this wasn't a complete fuckfest, don't get me wrong, but the devices were temporarily out of service - not bricked.
For a simple device like a camera or router which is just running firmware, that
s what bricking looks like.
But for a Networked, IT managed PC, used by a non-tech there are many more ways to make the PC unuseable without extraordinary measures.
As Clownstrike proved.
Bricked is a very fair analogy.
I concur, bricked to me means "You can't even re-install without a specialist programming device, or possibly a soldering iron and custom cables, if you have a decent secure system (i.e secure boot working properly) bricked would mean replacing one or chips at to bring back to life"
For A PC Bricked would mean that UEFI/BIOS no longer starts, so you don't even get to try and re-install
/Rattus
"This time it ended relatively harmlessly"
How relative is "relatively"? I doubt those who missed hospital appointments, flights or whatever think it ended in any way harmlessly. It's not Cloudsrike and Microsoft's customers who count here, it's their customers and, no doubt, innocent bystanders as well.