More often than not, a cyber attack or a cyber incident that results in business disruption will spur organizations to make changes to improve their cybersecurity and cyber resilience – and sometimes that means changing cybersecurity providers.
The recent massive worldwide outage caused by a faulty Crowdstrike sensor content update has had a similar effect on many German organizations, a recent report by the German Federal Office for Information Security (BSI) and Germany’s digital association Bitkom has revealed.
“The survey is not representative, but it does provide a meaningful picture of the mood for affected companies in Germany,” the BSI noted.
The effects of the outage
Of the 311 German companies polled, 62% were directly affected by the faulty CrowdStrike update (i.e., their PCs or servers were paralyzed), and 48% were indirectly affected (i.e., because their suppliers, business partners, and/or customers were affected).
40% of the 205 companies that were affected directly were unable to collaborate with or provide services to customers for a time. 48% had to cease operations – either completely or partially – due to the problems that arose, and it took them (on average) 10 hours to resume operations in their entirety
It also took companies 2 days and 422 human-hours, on average, to resolve the situation.
What did the Crowdstrike outage bring to light?
“A majority of 62 percent of the directly or indirectly affected companies had prepared an emergency plan for such IT failures – and it mostly worked,” BSI and Bitkom found.
“For 19 percent of the affected companies with an emergency plan, the processes worked very well, and for 45 percent they worked fairly well. Conversely, for 12 percent the plan did not work very well, and for only 2 percent it did not work at all. For around a fifth (22 percent) the emergency plan was not used.”
Most companies solved the problems by themselves, without outside help from Crowdstrike, Microsoft, or external IT services providers.
Changes made and plans for the future
The incident has spurred companies to implement (or plan to implement) a number of measures to prevent similar incidents in the future or mitigate their consequences:
- Creating/revising an IT emergency plan (66%)
- Conducting training courses (55%)
- Improving patch management (55%)
- Increasing regular updates and maintenance (52%)
- Introducing or improving backup systems (49%)
- Increasing network segmentation (49%)
- Building redundancies in IT (48%)
- Implementation of zero-trust architecture (39%)
- Increased use of cloud services (35%)
- Implementation of offline fallback solutions (31%)
- Review/adjustment of service level agreements (31%), etc.
Interestingly enough, even though two-thirds (64%) of the polled organizations think that an incident like the CrowdStrike outage cannot be completely prevented, 30% have or are planning to diversify IT security solutions they use.
10% of the polled organizations have already changed or are planning on changing cybersecurity providers (though it’s unknown whether they use Crowdstrike). One in five of the organizations has also said that they will change their criteria for selecting IT security providers.
Whether the outage will have a sizeable negative effect to Crowdstrike’s bottom line remains to be seen, but it spurred Microsoft to discuss strategies for improving systems’ resiliency with endpoint security vendors.