Thursday, November 21, 2024

Embracing Transparency: Unraveling the Public CrowdStrike Event

We are currently navigating a landscape filled with cyber ‘incidents,’ ranging from WannaCry to MOVEit. It is, however, quite uncommon for a vendor to find itself at the center of such an incident in a significant manner. This brings us to CrowdStrike. It’s important to clarify that while the CrowdStrike IT outage was not a cyber incident, it nonetheless propelled CrowdStrike into the global spotlight, prompting a critical question: Are we too dependent on certain organizations? What if a similar situation arose from a cyber attack?

In the immediate aftermath of such significant incidents, there’s a strong public demand for answers, accountability, and responsibility. This is a natural reaction in times of crisis. To foster a more resilient community, understanding the underlying causes of failures is essential. For cybersecurity professionals, every incident—be it cyber, IT, or technology-related—triggers a period of reflection and a drive to uncover its root causes. This knowledge is vital for mapping out lasting implications and formulating prevention and response strategies.

Although the recent IT outage was not a conventional cybersecurity breach, it highlights the importance of secure software development. Over-reliance on a small number of companies for critical infrastructure creates single points of failure and exposure to third-party risk, which is highly concerning.

CISA’s Secure By Design initiative represents progress towards safe software development, urging organizations to embed security into their development frameworks. However, achieving industry-wide adoption necessitates a blend of regulation, government support, and collaborative efforts. Implementing security by design is especially crucial, given the difficulties of retrofitting existing systems. While building securely may not appear to be the quickest or most cost-effective approach initially, it is a responsibility that cannot be overlooked, as it often reduces costs and time over the long haul.

In addition to security considerations, there’s the aspect of crisis communication, crucial for managing damage control among customers, partners, and stakeholders. A company’s approach to handling a crisis—both publicly and privately—can significantly influence its future.

CrowdStrike’s management of the incident stands out for its transparency. The company prioritized moving forward rather than engaging in blame games. By issuing regular statements and providing a detailed post-incident investigation report, CrowdStrike kept customers, partners, and the broader community informed. Their reporting, while cautious of over-disclosure, explains the rationale behind specific decisions made during the incident, recognizing that the situation continues to evolve. Transparency is often lacking in cybersecurity, making it all the more vital in these circumstances.

CrowdStrike also appears to be engaging with the community more humbly in the aftermath of the incident. Accepting the ‘Most Epic Fail’ Pwnie award at DEF CON was a unique way of acknowledging its shortcomings. While this does not diminish the seriousness of the situation, it reflects the company’s strategy for restoring its reputation within the community.

One thing is clear: our industry must prioritize transparency, not only in times of crisis but as a standard practice. Openness is essential for enhancing security, ensuring stakeholder satisfaction, and building resilience.

Elliott Wilkes is the CTO of Advanced Cyber Defence Systems. He is a seasoned digital transformation leader and product manager with over a decade of experience collaborating with both the American and British governments, recently serving as a cybersecurity consultant to the Civil Service.