Clarity Blog

Crowdstrike’s Incident Reveals Issue With Software “Best Practices”

Written by Clarity Security | Jul 22, 2024 8:53:59 PM

Introduction

The cybersecurity world is divided between those who swear by the comprehensive coverage of software suite solutions and those who advocate for the simplicity of point solutions. This division leads to an ongoing debate on what's best for company security. Generally speaking, software suite solutions have been accepted as “best practice” in the cybersecurity industry, with as many as 78% of organizations today relying on suite solutions to secure their digital boundaries. However, despite the apparent convenience of suite solutions, the recent incident with Crowdstrike highlights a major issue that leaves many cybersecurity leaders with one question to ask themselves: Are software suites worth the risk?

What Happened

On Friday, July 19, 2024, the world was caught by surprise when organizations across the globe woke up to discover that their entire IT infrastructure was non-functional. While initially a mystery, it was soon reported that the cybersecurity mammoth Crowdstrike caused the outage when it pushed a faulty update to Windows machines. According to a Microsoft blog, the update impacted as many as 8.5 million devices, with large-scale corporations like United Airlines and crucial organizations such as 911 services knocked out for hours as their IT teams rushed to manually fix the issue.

How Did This Happen?

Crowdstrike is a software company that seeks to protect an organization’s network from hackers and other types of security breaches. To do this, it tethers its products to devices at a very deep level, including Falcon, its endpoint detection and response (EDR) software. In addition to being an EDR, Falcon is also a software suite solution. This means that the platform runs several different types of applications, including cloud workload, endpoint security, threat intelligence, and more. Many are speculating that the massive failure of Falcon may have been due to insufficient testing or a rushed update process, which, given the breadth of features and environments in the Crowdstrike suite, seems almost inevitable in hindsight.

Looking through this same lens, it’s clear that the real risk that’s been exposed here is how suites have extended their reach to the point that the risk might outweigh the benefits. Microsoft leaned on Crowdstrike because it was a suite solution, and corporations rely so heavily on Teams, Microsoft Office, Azure, etc. that Crowdstrike taking down Microsoft applications absolutely tanked them in return. It’s a game of dominoes where no one wins in the end.

The Impact

It could be weeks or even months before some organizations are able to realize the true impact of this outage on their systems. Here are a few we know of already:

Increased Risk of Breaches

Whenever a security incident occurs, it opens the door for breaches, and this is no different. Crowdstrike published a blog on July 20th, 2024 notifying customers that there is an eCrime actor already aiming to take advantage of the event, targeting Latin-American customers. The scheme described involves an email with a file download to clear out the contents that allowed the outages. There were many other reported incidents of fake instructions being posted or phishing emails.

Extra Costs and Loss of Revenue

Companies like Delta Airlines continue to struggle and lose revenue as over 30% of their flights have been canceled over the last three days. And not only are companies losing money from the front door, they are losing it on the backend as well, as they are having to push extra budget into increased labor costs, software updates, and hardware replacements. According to Spiceworks, these extra expenditures are looking to add up to an estimated $1-$2 billion globally.

Decreased Productivity and Delayed Plans

This incident is forcing many companies to put off the launch of programs, IT audits, and other necessary IT functions in order to get their environments back in working order.

Reputation Damage

It might have been Crowdstrike’s doing, but there’s absolutely no denying that Microsoft is experiencing quite a negative response to the incident, with brand approval ratings down in countries all over the world.

Additionally, PR Week mentions how many B2C companies, like airlines and online brands, have had the unfortunate privilege of bearing the brunt of frustrations, as their customers missed flights and were unable to utilize their services.

Harm to the General Population

Not only was this event bad for business, it severely impacted industries like healthcare, where many hospitals were struggling to administer medications, get access to patients’ health charts, and more.

How a Point Solution Would Have Differed

One of the biggest benefits of point solutions is that they have control over significantly less, and so testing and verification are much more straightforward. For instance, if you were a company that utilized Slack for corporate communications, Outlook for email, and Clarity for your identity governance, only your email would have been affected by this incident, as opposed to your entire environment.

And, we know: Finding and onboarding point solutions can be a little more expensive and a bit of a pain. But, in setting up your IT infrastructure to not be over-reliant on one provider, you are creating a safer, more secure environment and insulating yourself against large-scale outages and breaches. Arming yourself with an environment of point solutions allows you to hedge your bets and take control instead of being victim to any update or software change your suite solution provider deems necessary.

How Clarity Can Help

Clarity is a point solution for identity governance, integrating with the rest of your tech stack. Our solution was created by security professionals, for security professionals, and it’s our goal to help you launch a successful identity governance program without sacrificing your sanity or security. We make access reviews and certifications, identity lifecycle management, orphaned account management, and more, easier than ever.

Schedule a demo today to see how we can help your team build the identity governance function you’ve always dreamed of, without having to fear the type of nightmare only suite solutions can provide.