CrowdStrike is currently facing a lawsuit from shareholders, accusing the company of making "false and misleading" statements about its software testing processes, allegedly contributing to the global IT outage. CrowdStrike has claimed that a single sensor error led to the worldwide outage. CrowdStrike will provide customers additional control over the deployment of similar updates.
Delta's pursuit of damages: Delta Air Lines, significantly affected by the outage, accused CrowdStrike of "negligence", saying it was forced to cancel thousands of flights and had lost at least $500m (£392m) as a result.
Public outcry over apology voucher: CrowdStrike's attempt to pacify affected customers with a $10 apology voucher has drawn public criticism, with many, including lawmakers and industry experts, deeming the compensation inadequate, given the severity of what some are calling "the largest IT outage in history."
Key insights: The recent CrowdStrike outage, together with cyber-attacks from hostile states and the recent Post Office scandal, is a timely wake-up call for businesses and government to increase their investment in and oversight of cybersecurity. It underscores the need for more robust cybersecurity measures and a greater focus on operational resilience and governance. Here are three actionable steps for businesses and governments:
Key role of Government to increase Cyber-Resilience and media literacy - Governments should recognise the importance of cybersecurity being woven into the DNA of our national infrastructure and education, and should invest in cybersecurity education and infrastructure to promote a cyber-resilient society. Requiring greater transparency from technology giants that have such a huge impact on our lives is crucial. Supporting small and medium-sized businesses in building resilience is essential.
Increased Board and Senior Management Involvement: Company boards should include members with specific responsibility for cybersecurity and operational resilience. This accountability will foster a culture of security from the top down. Board and Senior Management should provide strategic oversight for developing and enhancing the operational resilience framework, governance and operating model. They will also be key to enforcing a secure and resilient by design culture, prioritising critical services.
Close alignment between CIOs and CROs to ensure a proportionate response - This is even more important given that the global outage highlighted the great risks of the interconnected nature of global IT systems and the potential for an error to have outsized consequences. It is recommended that there be mandatory reporting of cyber breaches and Board reporting on cyber risk (within their organisations and critical third parties).
For more information please visit Alina Timofeeva