When the Crowd Strikes, Big is Bad
Often, cybersecurity incidents, IT outages, and network disruptions are most damaging to small businesses. Already running on razor-thin margins, small and medium sized businesses (SMBs) can be permanently destroyed by a ransomware attack or a multi-day lockup of their IT systems. Meanwhile, larger companies typically have the balance sheet and bargaining power to pay a ransom or shake off a couple days or weeks of disruption. When it comes to software, IT, and cybersecurity, it's typically good to be big.
But this past weekend, the paradigm flipped. On July 19th, when CrowdStrike broke Windows, it was bad to be big. Indeed, insurers are already estimating that Fortune 500 companies will suffer more than $5 billion in direct losses resulting from the CrowdStrike-caused outages of last weekend. Many companies are still struggling to fully recover operationally, and they will continue to feel the effects of the outage over the coming weeks.
Luckily, small and middle market CrowdStrike customers (think companies with less than 5,000 employees) that generally do not field their IT and cybersecurity teams in-house were able to fix their problems more quickly. In many cases, they called their third-party technology service provider, who helped them get back online quickly. These outsourced “managed services” providers can function as a choke point, as they often hold the keys to their clients’ digital kingdoms. But holding these keys also allows managed service providers the ability to move fast and fix problems for their customers. And regardless of whether they rely upon third party service providers, small and middle market customers also tend to have less sprawling IT environments, making recovery quicker and more efficient.
We saw this firsthand at the family of managed IT and cyber services companies owned by Worklyn, where about a quarter of our IT and cybersecurity customers were running CrowdStrike. Our Security Operations Center (SOC), Network Operations Center (NOC), and IT help desk teams quickly diagnosed the problem, and then raced to help our customers get back up and running. One advantage of the Worklyn “family of providers” is that once one Worklyn-owned company figured out the solution for one customer, the rest of the Worklyn sibling companies and customers benefited. Meanwhile, the smallest companies, the ones that cannot afford CrowdStrike (it’s a great endpoint security product, but it’s the premium offering with more security features than most SMBs need) avoided disruption almost entirely.
On the other hand, large companies with complicated global operations stretching across many connected devices and systems have been buffeted. Looking at you, Delta Airlines. Without a doubt, the CrowdStrike-induced outage destroyed plans and wreaked havoc on airline customers. Around 5,500 flights were cancelled at short notice on one of the busiest travel weekends of the year. Several days later, a tool that Delta uses to track crews is still affected and struggling to process the high number of changes triggered by the outage, continuing to delay flights. From a financial perspective, these events will lead to notable lost profits for Delta and other large companies who experienced significant disruptions. Early estimates suggest that large airlines lost over $1 billion due to the CrowdStrike glitch.
Cybersecurity is meant to be a business enabler, even a differentiator, enhancing companies’ brand and trust. So it’s disappointing to see cybersecurity become the exact opposite- a business disruptor that erodes customer and partner trust.
For us here at Worklyn, the event was a stark reminder that no organization should fight the cyber battle alone, and that every company needs smart humans dedicated to securing and managing their complex IT environments on a 24x7 basis. For all but the very largest companies, the best bet is to complement your internal team with a team of experts who deeply understand the cybersecurity, IT, and business software and hardware products you’ve deployed in your network – a team who can help you manage those products, and who stand ready to jump and lend a hand if anything goes haywire.
CrowdStrike itself learned this lesson the hard way; as it appears that an automated, cloud-based software testing and bug detection system is what ultimately allowed the bug in their Falcon software update to make it past Quality Control and over to customer devices. You can bet that CrowdStrike will be testing their next batch of software updates manually, with multiple layers of human review.
And to the guy or gal at CrowdStrike who gets fired for allowing this to happen on their watch: we’re hiring over here at the Worklyn companies. In fact, we’ve got a talented application security testing team that would be happy to show you a thing or two.