CrowdStrike is currently facing a lawsuit from shareholders, who accuse the company of making "false and misleading" statements about its software testing processes, allegedly contributing to the global IT outage. CrowdStrike has claimed that a single sensor error led to the worldwide outage. CrowdStrike will provide customers additional control over the deployment of similar updates.
Delta's pursuit of damages:
Delta Air Lines, significantly affected by the outage, accused CrowdStrike of "negligence", saying it was forced to cancel thousands of flights and had lost at least $500m (£392m) as a result.
Public outcry over apology voucher:
CrowdStrike’s attempt to pacify affected customers with a $10 apology voucher has drawn public criticism, with many, including lawmakers and industry experts, deeming the compensation inadequate, given the severity of what some are calling "the largest IT outage in history."
Alina Timofeeva’s key insights:
The recent CrowdStrike outage, together with cyber-attacks from hostile states and the recent Post Office scandal, is a timely wake-up call for businesses and the government to increase their investment in and oversight of cybersecurity, underscoring the need for more robust cybersecurity measures and a greater focus on operational resilience and governance.
Here are three actionable steps she advocates for businesses and governments:
1. Key role of Government to increase Cyber-Resilience and Media Literacy:
Alina believes that governments should recognise the importance of cybersecurity being woven into the DNA of our national infrastructure and education, and invest in cybersecurity education and infrastructure to promote a cyber-resilient society. Requiring greater transparency from technology giants that have such a huge impact on our lives is crucial. Supporting small and medium-sized businesses in building resilience is essential.
2. Increased Board and Senior Management Involvement:
Alina recommends that, to ensure accountability, company boards include members with specific responsibility for cybersecurity and operational resilience. This accountability will foster a culture of security from the top down. The Board and Senior Management should provide strategic oversight for developing and enhancing the operational resilience framework, governance and operating model. They will also be key to enforcing a culture that is secure and resilient by design, prioritising critical services.
3. Close alignment between CIOs and CROs to ensure a proportionate response:
This is even more important given that the global outage highlighted the great risks of the interconnected nature of global IT systems and the potential for an error to have outsized consequences. It is recommended that there be mandatory reporting of cyber breaches and Board reporting on cyber risk (within their organisations and critical third parties).