The global IT community experienced a seismic shift in how we perceive security when CrowdStrike, a leading cybersecurity firm, was involved in a global outage that sent shockwaves across businesses worldwide. This incident isn’t just a cautionary tale; it’s a wake-up call to reevaluate how we protect ourselves and our clients.
What Happened: How a routine update led to widespread chaos and calamity.
On July 19, 2024, a single automated software update brought much of the global economy to a sudden halt. The incident caused a significant global IT outage, disrupting services and highlighting vulnerabilities in cybersecurity, particularly for organizations relying heavily on outsourced cloud-based services. According to CNN, the CrowdStrike incident is now the largest IT outage in history and will cost Fortune 500 companies alone more than $5 billion in direct losses.
The outage underscores a critical truth: This could have happened to anyone. As businesses lean more heavily on cloud-based services and outsource essential operating functions, the potential points of failure multiply. At 24Notion, the hard work we do for our clients depends on the seamless operation of multiple platforms, tools, and services—many of which are not hosted on-premises. From CRM systems to content management platforms, our reliance on third-party providers introduces additional endpoints that need securing. Each of these endpoints is a potential vulnerability, and the CrowdStrike incident shows that even the most trusted partners can face significant disruptions.
There’s a lot we do to protect our clients and our employees, and fortunately, there are many ways companies can defend their businesses and people from radical errors and insidious breaches.
Simple Ways to Improve Security:
1. Implement a strong VPN strategy
A Virtual Private Network (VPN) is no longer optional—it’s essential. By encrypting internet connections and masking IP addresses, VPNs reduce the risk of data interception and protect sensitive information from prying eyes. Ensure everyone, especially those working remotely, uses a VPN when accessing company systems.
2. Conduct regular security audits
Are your passwords strong enough? Are employees following best practices when accessing sensitive data? It’s crucial to regularly review your security protocols and regular audits help identify and address weaknesses before they can be exploited.
3. Enhance endpoint security
The more endpoints you have—whether they’re cloud services, remote workers, or IoT devices—the more vulnerable your business and its’ network becomes. You can implement various of endpoint security measures, including firewalls, antivirus software, and intrusion detection systems that ensure that every device that accesses your network is secure.
4. Develop a comprehensive disaster recovery plan
We can’t predict every incident, but we can prepare for them. A disaster recovery plan outlines the steps your team will take in the event of a cyberattack or data breach. This should include roles and responsibilities, data backup protocols, communication strategies, and a clear action plan to minimize downtime and data loss.
5. Educate your team
Your security is only as strong as your least-informed employee. Regular training sessions on cybersecurity best practices are vital. Make sure everyone understands the importance of vigilance, from recognizing phishing attempts to securing their devices.
Next time might not be an accident
The CrowdStrike incident serves as a powerful reminder that in the digital age, security cannot be an afterthought. It underscores the fragility of our digital infrastructure, the interconnectedness of businesses and our reliance on complex software ecosystems.
We all have a responsibility to protect not only our data but also the data of our clients, partners, and employees. By implementing preventative measures and developing robust security strategies, we can mitigate risks and continue to deliver exceptional service—even in the face of unforeseen challenges.