On July 19, a significant disruption unfolded for users of CrowdStrike, a leading security platform embedded in numerous Microsoft products. Despite being designed to shield against cyber threats, the system itself suffered a critical failure, leaving many businesses unexpectedly offline. In this blog, we'll break down what happened, why it was such a major event, and how you can protect your business from similar incidents in the future.
What Happened?
On July 19, Microsoft reported that approximately 8.5 million devices were impacted by an unexpected critical failure. The result was widespread disruptions, with many users facing the infamous Blue Screen of Death rather than their expected screens. This incident has been described as one of the largest outages in history.
Was It Really That Big?
Absolutely. The scale of this outage was monumental, reminiscent of the digital catastrophe that was anticipated with the Y2K bug at the turn of the millennium. Although less than 1% of Windows-based machines globally were affected, the incident was massive because it came from an approved and trusted vendor, catching many off guard.
Who Was Affected?
The outage had a far-reaching impact on numerous high-profile entities:
- Airlines: Delta, United, and American Airlines had to cancel over 10,000 flights worldwide.
- Healthcare: Healthcare providers, including the NHS, experienced disruptions in appointment systems.
- Broadcast Media: Sky News and other outlets went off the air.
- Banking: Many customers faced difficulties accessing online banking services.
The breadth of the outage highlights its severity and the broad swath of industries affected.
What Caused the Outage?
The problem stemmed from a configuration update to CrowdStrike's Falcon platform, the component of the CrowdStrike solution that runs on Windows machines. This routine update rollout contained a logic error that crashed millions of Windows devices. Affected devices could no longer complete the normal boot process, causing significant disruptions.
Has the Issue Been Resolved?
Yes, CrowdStrike acted swiftly, deploying a fix within 80 minutes. However, the damage was extensive, and recovering affected machines required manual intervention: IT administrators needed to boot each system into Safe Mode or the Windows Recovery Environment and delete the faulty file. This often meant physically attending to every machine, a daunting task for large operations such as airlines.
Could My Business Be Next?
While Mac and Linux users were unaffected, this 'friendly fire' incident, originating from a trusted source, bypassed corporate firewalls and off-the-shelf software protections that are built to stop hostile traffic, not a faulty update from an approved vendor. It serves as a stark reminder of the need to prepare for unexpected failures, even from seemingly trusted sources.
What Can You Do to Protect Your Business?
Here’s how you can better prepare for future incidents:
1. Ensure Robust Protective Software
Make sure your protective software solution is up to date and consistently patched. Regular updates help keep your defences strong against emerging threats.
2. Prioritise Data and Backup Solutions
Have a solid backup strategy in place to ensure business continuity, regardless of the cause of disruption. Regularly back up your data and verify that your backups are functional.
3. Consider Cyber Essentials Accreditation
Cyber Essentials accreditation establishes a baseline for cybersecurity and helps protect against IT security breaches. This certification is increasingly required for government contracts and commercial tenders. It focuses on securing internet connections, devices, and software from malware, and controlling access to data and services.
How Sprint Can Help
At Sprint, we offer comprehensive solutions to help you prepare for and recover from such incidents:
Datto SaaS Protection
For cloud data, Datto SaaS Protection provides military-grade security against ransomware and ensures business continuity. It’s an essential tool for safeguarding your cloud-based information.
Datto BCDR (Business Continuity and Disaster Recovery)
For local data, Datto BCDR is our go-to solution, and Datto SIRIS is a key product in this lineup. It offers advanced backup and disaster recovery capabilities, ensuring that your physical and virtual systems are protected and can be quickly restored.
WatchGuard EPDR
For endpoint protection, we utilise WatchGuard EPDR (Endpoint Detection and Response). This solution safeguards your computers and servers against threats, providing robust protection and quick response capabilities.
Datto SIRIS
Datto SIRIS is an all-in-one data protection solution designed for SMEs. It offers not only backup and recovery but also full business continuity and disaster recovery in a single integrated stack. This is particularly beneficial for large operations like global airlines. Plus, Sprint provides an always-on monitoring service and helpdesk support to ensure your systems are continuously protected.
Conclusion
The CrowdStrike outage serves as a crucial reminder of the importance of robust cybersecurity measures and preparedness. While no system is immune to issues, having the right protective measures and backup solutions in place can make a significant difference in how quickly and effectively you can recover.
Sprint is here to help you navigate these challenges with our top-tier security solutions and disaster recovery services. Contact us today to learn how we can enhance your cybersecurity strategy and ensure your business remains resilient in the face of unexpected incidents.