CrowdStrike incident shows we need to rethink cyber



When your organisation becomes the subject of negative news, it is crucial to respond effectively and strategically to minimise damage and rebuild stakeholder trust.

Learning from such experiences and planning to prevent future incidents are vital takeaways. In our industry, security failures can be catastrophic when organisations are unable to function, as seen in the recent CrowdStrike incident. Despite many successes, CrowdStrike has faced multiple episodes of criticism in the past, including during the 2016 Democratic National Committee hack investigation for prematurely attributing the ******* to Russia. More recently, a flawed update to their Falcon platform led to widespread system crashes affecting entities like the NHS, HSBC, and several *** airports, with top 500 US companies incurring estimated losses of $5.4bn, excluding

This is the hidden content, please
.

People often jump to the conclusion that every problem is a security issue, assuming there must be a “bad guy” involved. But what exactly do we mean by a security issue? Is it only a security issue if there’s a malicious actor?

This mindset is counterproductive for security teams and unhelpful for businesses in managing information security risks. It affects how they approach security within their culture and with their employees.

Cyber ***** face many challenges

Cyber security professionals face numerous challenges beyond their day-to-day tasks, including skills shortages, time constraints, and insufficient budgets or training. In the ***, this skills gap is evident, with half of businesses relying on just one person for cybersecurity.

This is the hidden content, please
. Cyber professionals struggle to update their skills or recruit talent due to being understaffed, underfunded, and under pressure.

Among the 53% of cyber sector firms with vacancies since 2021, 67% reported difficulty filling positions, consistent with previous findings from the Ipsos Cyber Security Skills in the *** Labour Market 2022 study. The main challenges are a lack of candidates with technical expertise and pay or benefits that are low relative to the demands of the roles.

Cyber professionals are overwhelmed by their workload, partly due to solutions marketed as comprehensive fixes that merely add to their management responsibilities. Cyber teams constantly strive to do more with less. Half of cyber security professionals cite their daily workload as a major stressor, while 30% lose sleep over the threat of cyber attacks.

The cyber security community also faces immense pressure to maintain a flawless reputation, highlighting the high demands and expectations placed on them. Most teams are so preoccupied with immediate threats that they lack the bandwidth to anticipate future challenges. Compounding this issue is our reliance on a few tech giants:

This is the hidden content, please
dominates office software, whilst also leading in cloud storage alongside
This is the hidden content, please
, leaving organisations with limited choices.

Over-reliance on major providers like

This is the hidden content, please
or
This is the hidden content, please
can lead to several challenges for organisations, including vendor lock-in, reduced negotiating power, and increased security risks. It can also stifle innovation and limit customisation options due to the standardised nature of these platforms. Dependence on a single provider heightens vulnerability to service outages and can result in cost increases over time. Additionally, organisations may face difficulties ensuring data privacy and compliance across different jurisdictions. To mitigate these risks, it is advisable for organisations to diversify their technology stack and adopt a multi-vendor strategy to enhance flexibility and resilience.

Security teams are not just there to combat malicious actors; they play a vital role in addressing security incidents and mitigating issues arising from inadequate training or poor organisational culture. Focusing solely on assigning blame undermines effective security practices and creates a toxic environment. If the aim is to find scapegoats, it will deter talented individuals from wanting to work in such a punitive setting. Instead, we should foster a culture of accountability and collaboration, where security teams are empowered to protect and educate rather than just react and defend. 50% of cyber professionals said their two main sources of stress is their day-to-day workload, while 30% are kept awake at night

This is the hidden content, please
.

What constitutes a cyber incident?

Of course, the CrowdStrike incident was initially classified as a non-cyber security issue, but it should be considered as such because it resulted in one or more information systems becoming unavailable. Often, discussions around cyber security focus narrowly on data breaches and personal information, while others only consider IT system failures. What we need is a comprehensive definition that encompasses all these aspects. Any unplanned system outage that disrupts legitimate access qualifies as an information incident. Therefore, if we redefine “cyber incident” as “information incident,” it accurately captures the nature of the CrowdStrike situation.

The belief that a cyber security incident requires a malicious actor overlooks the impact of accidental internal errors or misconfigurations by our IT teams or supply chain partners. By fixating on the term “cyber,” we risk ignoring the broader scope of threats and reducing our effectiveness in handling incidents. We must recognise that cyber security encompasses both external attacks and internal mishaps, and adapt our strategies accordingly to ensure comprehensive protection.

Organisations may see an overlap between cyber and information management teams because cyber security frameworks, like those from NCSC and NIST, encompass more than just IT. These frameworks include elements such as people, property, business continuity, and information, traditionally seen as part of information assurance. Labelling all these elements as “cyber” creates challenges for IT teams, which may lack the skills to manage areas like supply chain assurance audits. It is crucial for organisations to recognise this distinction and ensure that cyber teams have a clear understanding of their responsibilities to avoid encroaching on roles traditionally handled by information management teams.

If there is confusion over who manages cyber and information security, leadership must intervene to clarify roles and provide direction. It is not solely the responsibility of cyber teams to prevent security breaches; senior management must ensure that all staff adhere to security best practices.

This is the hidden content, please
recently highlighted this issue by making security its top priority for every employee, following years of criticism and recent severe rebuke from the US government,
This is the hidden content, please

Supplier integration

Although the latest story focuses on CrowdStrike, CrowdStrike and

This is the hidden content, please
are interconnected in the cyber security realm through their complementary security solutions and partnerships. CrowdStrike provides advanced endpoint protection and threat intelligence, while
This is the hidden content, please
offers a range of security tools like
This is the hidden content, please
Defender. Their products often integrate to create a layered defence strategy for organisations.

This is the hidden content, please
’s recent security breaches have included significant issues such as the exposure of sensitive data and vulnerabilities in their systems. Notably, a critical flaw in
This is the hidden content, please
Exchange Server, exploited by attackers, led to widespread data breaches affecting numerous organisations. Additionally, vulnerabilities in
This is the hidden content, please
’s cloud services have also been targeted, raising concerns about data protection and overall security. These incidents have underscored the need for enhanced security measures and prompted
This is the hidden content, please
to prioritise security across its products and services.

Organisations like

This is the hidden content, please
and CrowdStrike, which hold significant influence over global security systems, must maintain an unimpeachable standard of security. Given their central role in protecting countless systems, their processes and procedures should be rigorously designed to prevent breaches and incidents. These companies should be held to the highest standards of accountability and excellence, reflecting the critical nature of their security responsibilities.

Business continuity and the cloud

For years, we’ve been assured that the cloud offers superior security and resilience compared to in-house solutions, leading us to relinquish control over our own resilience. When incidents like the recent CrowdStrike ******** occur, it raises a critical question: have we incorporated such scenarios into our business continuity and resilience planning? Or have we mistakenly placed ****** ****** in the cloud’s infallibility, assuming it will always be reliable?

All organisations should go back to their business continuity plans and ensure that they include resilience planning for incidents such as this. The initial promise of the cloud was enticing: lower costs, greater agility, and enhanced innovation. However, the reality is painting a different picture. 43% of IT leaders found that moving applications and data to the cloud was more expensive than expected, according to a survey by Citrix. Cloud repatriation is the name given to the shift we are seeing among organisations that are bringing their services back in house so that they can manage them themselves.

Our business continuity planning must be robust enough to address potential failures and avoid the fallacy of assuming that major cloud providers are infallible or inherently superior. Relying on the assumption that security is automatically built into our cloud solutions can be misleading, much like past experiences with security equipment. We must critically evaluate and prepare for vulnerabilities, rather than taking on ****** ****** in the cloud’s reliability.

Don’t blame cyber teams for wider problems

Let’s not blame the cyber security profession for the failings of big tech, where many may lack deep cyber security expertise. Remember, big tech companies prioritise profit, and their complex systems, composed of vast amounts of code, are always susceptible to vulnerabilities and coding errors that can cause outages. It is our responsibility as cyber security professionals to ensure our internal resilience is strong enough to handle such incidents. While this is challenging given our reliance on these providers, it is essential to maintain rigorous internal defences.

Cyber security professionals often go unrecognised for their successes and are only noticed when issues arise. To improve our visibility and perception, we need to enhance how we present ourselves and integrate more effectively into the business. The stereotype of cyber security teams as isolated and defensive is partly due to the frequent blame and criticism they face when incidents occur. Many aspects of what is now considered “cyber” are beyond the direct control of most cyber security teams, yet they are often unfairly held accountable and punished for problems outside their influence.

Effective leadership is crucial in defining clear responsibilities within our teams and ensuring that senior leaders comprehend what our cyber security teams are communicating. Leadership sets the tone, and cyber security practices follow this guidance. Leaders must be well-versed in key cyber security risks and actively collaborate with their teams to clarify roles in risk management and mitigation. It is essential for leadership to understand both the nuances of cyber risk and the business implications, while cyber security professionals need to communicate more effectively in terms of business risk. Often, senior leaders struggle to grasp the broader impact and may not recognise that some issues require decisions beyond the cyber team’s control. Cyber security should be integrated into every aspect of the business, rather than being seen as a peripheral concern.


