Fundamentals of the Future
HLB Cybersecurity Report 2024
A critical disruption of CrowdStrike’s services may have triggered the tech outage of 2024, but it sent a clear message to the business world that even their most advanced systems could fail. It was an unexpected event that exposed vulnerabilities across various sectors, and it highlighted the need for a robust crisis management program.
While organisations increasingly rely on digital infrastructure, effective risk assurance and contingency planning must be top of mind. Let's take a closer look at the tech outage of 2024 and what it might mean for your business.
Understanding the CrowdStrike tech outage of 2024
CrowdStrike is a top-level cybersecurity firm with a reputation for advanced endpoint protection services. In July 2024, a major outage struck the company and lasted for approximately 48 hours. During this time, the outage disrupted operations for many businesses that fully relied on CrowdStrike’s solutions for cybersecurity protection. These companies spanned various sectors, from finance to manufacturing and healthcare to retail. Many of them were completely unable to access their data or maintain normal operations during the outage.
Apparently, the root of the issue was a critical software update failure within CrowdStrike systems. This triggered a run of technical problems that took down their services for two days. Companies that relied exclusively on CrowdStrike faced operational paralysis, and some estimates suggest that the outage caused more than £500 million in collective losses.
Crucially, the incident shows that even the most sophisticated cybersecurity providers can fail, which challenges any assumption that such systems are infallible. Furthermore, any business that was over-reliant or had failed to diversify its security measures scrambled to regain control. To put it another way, they may have placed too much reliance on a single vendor.
What are the key lessons from the outage?
Above all else, the CrowdStrike outage was a wake-up call and provided a number of valuable crisis management insights. Here are some of the critical lessons that show how an organisation can create a more resilient strategy:
Risk management
Due to the outage, companies realised that no technology, no matter how sophisticated or favoured, could guarantee immunity from disruption. This leads to critical assessments about managing risk.
- Nothing is entirely foolproof, with even industry-leading solutions prone to unforeseen technical failures.
- Continuous risk evaluations are important, as potential risks increase as technology evolves. It’s critical for company leaders to assess their technology stack to look for vulnerabilities and address them in a proactive manner.
HLB Global can give you an expert risk assessment, to help you identify possible weaknesses in your systems. Our risk assurance services ensure that companies are not blindsided by disruptions and can implement strategies to mitigate any risks.
Contingency planning
Many companies came to understand how important it is to have a well-thought-out contingency plan. Organisations that did have robust backup solutions, different security protocols, or well-practised crisis management strategies fared much better and were able to navigate the disruption more effectively.
BlackBerry gives us a strong example of a company that was able to continue operations with minimal disruption during the outage. They had a robust approach to communication, control, and continuity, allowing them to maintain essential functions. BlackBerry was also able to use crisis management tools like "AtHoc," featuring real-time communication, so both teams and customers could stay informed and connected during the outage.
Here are some key elements of effective contingency planning:
- Regular updates to keep pace with rapid changes in technology, developing contingency plans that evolve and remain effective. Companies ought to review and update their plans regularly and look for new threats or changing operational landscapes.
- Crisis simulations to ensure that the team understands individual roles and responsibilities should an actual disruption occur. These valuable exercises help to identify gaps in any response plan and improve overall preparedness.
Vendor selection
This incident highlighted the risks of overdependence on a single vendor. In fact, many companies suffered an extended period of downtime because they didn’t have alternative solutions. This emphasised the need for a diversified vendor strategy, and this is what you should consider going forward:
- Diversification by maintaining relationships with multiple vendors. This can ensure you have alternatives in place if one of them were to fail.
- Vendor risk assessments are also important as you can assess whether that organisation is resilient and has good crisis management capabilities. Look carefully at their risk profiles to ensure they have their own contingency plans.
Managing Public Relations
The CrowdStrike outage shows just how important effective communication can be during any crisis. Those businesses that talked openly and honestly maintained public trust. Likewise, those that were transparent and quick off the mark tended to suffer less reputational damage. For example, LinkedIn quickly responded to the outage. Even though they experienced disruptions, they acted promptly by talking to their users, giving clear updates, and deploying their own IT teams to address the issues. Their transparency throughout the process, robust digital resilience, and fast response were praised.
These are the takeaways about crisis communication:
- Be fully transparent, as customers and stakeholders will need timely and accurate information. Give them an honest appraisal of the situation, your response actions, and the expected timeline for a fix.
- Prepare your PR strategies with pre-drafted communication templates and other strategies for different crisis scenarios. You’ll be able to respond quickly and consistently, so you can maintain control of the narrative.
Hear Lesley Woods' (Head of Partnerships; UK MOD) top three tips for leadership and communication, speaking at the 2024 HLB Audit-Tax-Advisory Conference in Prague.
Rest assured with HLB
The 2024 CrowdStrike tech outage proved that even the most advanced cybersecurity providers could face crippling disruptions, and it emphasised the need for comprehensive risk management and crisis preparedness. It also showed that businesses have to manage risk proactively, develop contingency plans, diversify vendor relationships, and be fully transparent with all stakeholders.
HLB is ready to support your organisation through challenges such as this. We have a risk assurance service that encompasses every aspect of crisis management. We’ll help you identify potential risks, develop or test contingency plans, evaluate your third-party vendors, and craft effective communication strategies. We always take a holistic approach to risk and want to ensure that your organisation is as prepared as possible to face and overcome any crisis.
Contact HLB today about our risk assurance services. We can help you fortify your organisation against the uncertainties of the digital age.