CrowdStrike outage: security tips while hackers take advantage of chaos

By Alastair Miller, Aura Information Security’s Principal Consultant
22 Jul 2024

Many directors had their weekend plans interrupted by the CrowdStrike outage that swept across the world late on Friday afternoon. 

Microsoft reported a faulty CrowdStrike update caused disruptions to 8.5 million Windows devices, with a significant number of New Zealand companies caught up in the mayhem.

While businesses are focused on getting systems back online or checking how key stakeholders have been impacted, it’s important they don’t let their guard down when it comes to cyber security. 

Hackers thrive in chaos. The CrowdStrike outage is the perfect backdrop to launch a new wave of attacks looking to take advantage of stressed and confused workers. 

As directors, you must ensure your teams stay vigilant.

The team at Aura Information Security has put together a number of tips you should focus on this week: 

  • Be aware of opportunistic cybercriminals who might attempt to impersonate IT help teams, CrowdStrike Support or Microsoft to trick unsuspecting employees. Malicious hackers aren’t above turning a crisis to their advantage. 
  • If employees are using personal laptops while their Windows devices are out of action, make sure they follow the same guidelines around cyber security. This includes checking before clicking links or downloading documents, and using Multi-Factor Authentication.
  • Stay hyper-vigilant with your network monitoring. Keep an eye out and review logs for any unusual activity that might be missed with the disruption.
  • Once the issue is resolved and affected devices are restored, make sure any workarounds, such as allowing personal laptops to be used, or relaxing cloud access to enable collaboration, are reverted.
  • Similarly, make sure you test your environment once systems are restored to ensure any security settings or configurations haven’t dropped out.
  • Take care of your IT teams and engineers. The recovery process will be arduous and manual for many businesses. Make sure your leadership teams support and prioritise workloads so the recovery can be done with good cyber security practices front and centre. Don’t rush recovery at the expense of opening yourself up to an attack. A slower, more thorough process is best.

I know many organisations will be entirely focused on righting the ship, but businesses can’t afford to have a lapse in cyber safety. It’s well worth circulating these tips with your executive teams while giving them all the support they need to get through these stressful times.

At the director level, this incident is another good prompt to look at your organisation’s Incident Response or Disaster Recovery Plan, a document that outlines what to do in response to a natural disaster, cyberattack or IT outage. 

Technology is a great enabler but with networks and digital supply chains so interconnected, the risk of a domino effect, where one technology outage or issue impacts a much wider group, is very real.

The truth is, most New Zealand organisations don’t have any sort of plan in place, or at least one that’s updated, recently tested and ready to be put into action. These are the companies that would have found themselves in a particularly vulnerable situation on Friday evening.

In the “fog of war”, a good plan helps guide operational staff to adopt back-up systems or processes, in order to keep critical business going. Even reverting back to pen and paper can be an effective way to stay operational – so your plan should factor in scenarios of what to do when reliance on IT is not possible.

We don’t know when the next global outage will occur, or when the next cyber incident will impact your business, but with an increasing reliance on digital infrastructure, it’s more likely than not that something similar will occur in the future.

So, for now, I advise all directors to put developing or updating your organisation’s Disaster Recovery or Incident Response Plan at the top of the board agenda. It may make all the difference next time you’re facing a crisis.