So what happened this week? CrowdStrike!
Clients of a cybersecurity company called CrowdStrike, whose system proactively protects against cybersecurity exploits, found that their Windows systems would not boot. This was caused by a misconfigured file that was distributed to the Windows systems and which, when accessed during the boot process, caused a crash and a subsequent reboot. This manifested as a “Blue Screen of Death” (BSOD). Although there were recovery mechanisms, some businesses were out of action for considerable periods.
“I don’t run CrowdStrike. How is this a problem for me?”
You should assume that you dodged a bullet. You need to grasp this opportunity to ensure that when this happens again, however your systems come to be corrupted, you have a plan. At minimum you need to review, test and update all of the following:
- Your IT Disaster Recovery Plan
- Your Business Continuity Plan
- The location of critical information for your infrastructure. That means BitLocker keys, system passwords, access to key personnel. This is all in your DR plan.
- Backup period, timing and validity. Check what backups you have right now. When are the next ones going to run? Can you restore them? When did you last try?
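The backup questions above are the ones most often left unanswered until an outage forces them. The following is an added example, not code from the original post, that answers them mechanically from a backup manifest: it checks that each archive still exists, that it is no older than policy, that its SHA-256 still matches the hash recorded when it was taken, and that a restore test has been performed recently. The manifest format, the policy thresholds and the sample archives are all constructed for this example.

```python
"""Backup freshness, integrity and restore-test check.

Added example (not from the original post). Assumes a manifest of the
constructed form built in build_demo_manifest(): one record per backup set
with the archive path, the SHA-256 recorded at backup time, when it was
taken, and the date of the last successful restore test.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timedelta, timezone

# Policy thresholds (assumed; set them from your own DR plan)
MAX_BACKUP_AGE = timedelta(days=1)
MAX_RESTORE_TEST_AGE = timedelta(days=90)


def sha256_of(path):
    """Hash the archive in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_backup(record, now):
    """Return a list of findings for one backup record (empty list = OK)."""
    findings = []
    path = record["path"]
    if not os.path.exists(path):
        # Nothing else can be verified if the archive itself is gone
        return ["archive missing: %s" % path]
    if now - record["taken_at"] > MAX_BACKUP_AGE:
        findings.append("backup older than policy (taken %s)" % record["taken_at"].date())
    if sha256_of(path) != record["sha256"]:
        findings.append("checksum mismatch: archive may be corrupt or tampered")
    last_test = record.get("last_restore_test")
    if last_test is None:
        findings.append("never restore-tested")
    elif now - last_test > MAX_RESTORE_TEST_AGE:
        findings.append("restore test overdue (last %s)" % last_test.date())
    return findings


def run_checks(manifest, now):
    """Map each backup name to its findings."""
    return {r["name"]: check_backup(r, now) for r in manifest}


def build_demo_manifest(workdir, now):
    """Create sample archives and manifest records (constructed data)."""
    good = os.path.join(workdir, "fileserver-full.tar")
    stale = os.path.join(workdir, "db-full.tar")
    for p, content in ((good, b"good backup bytes"), (stale, b"db dump bytes")):
        with open(p, "wb") as f:
            f.write(content)
    return [
        # Fresh, hash matches, restore-tested a month ago
        {"name": "fileserver", "path": good, "sha256": sha256_of(good),
         "taken_at": now - timedelta(hours=6),
         "last_restore_test": now - timedelta(days=30)},
        # Stale, recorded hash no longer matches (simulated corruption), never tested
        {"name": "database", "path": stale, "sha256": "0" * 64,
         "taken_at": now - timedelta(days=3), "last_restore_test": None},
        # Manifest entry exists but the archive was never written
        {"name": "domain-controller", "path": os.path.join(workdir, "dc.tar"),
         "sha256": "0" * 64, "taken_at": now - timedelta(hours=1),
         "last_restore_test": now - timedelta(days=10)},
    ]


def demo():
    """Run the checks against the constructed manifest and return the findings."""
    now = datetime.now(timezone.utc)
    with tempfile.TemporaryDirectory() as d:
        return run_checks(build_demo_manifest(d, now), now)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {'OK' if not findings else 'FAIL'}")
        for finding in findings:
            print("   -", finding)
```

Run on a schedule, the output is the evidence that the backup questions in the list have current answers; a checksum mismatch or a missing archive should raise a ticket, not just a log line.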
This may be an in-house solution. It may involve an MSP or IT support company. It may involve other partners and vendors.
Final Points
You need to take action. If you were a CrowdStrike customer, you were impacted. If you were not, you need to act as though you were.
You need to run a post mortem: see how your Incident Response would have been triggered; determine your CAPA (Corrective Actions, Preventive Actions) report; and give yourself a score on all the plans that would have been followed. Be aware: this will happen again.