Entrepreneur Media’s Post

Definitely a call to action for disaster recovery planning and testing, testing, and testing again to sustain and improve cyber resilience. I am interested in learning more about the the Cyber Safety Review Board after-action reporting, and public / private partnership improvement plans that will be outcomes of this event. Have a plan. Test, test, and test again.

The CrowdStrike outage is wreaking havoc around the world this morning. Check out the latest security alert on the CMA Technology Solutions blog with details about the outage and what you can do to stay updated until there is a fix deployed!

❗ IMPORTANT❗ Australia's Minister for Home Affairs and Minister for Cyber Security, Clare O'Neil, issued a warning that scammers are looking to take advantage of the Crowdstrike incident ➡️ https://hubs.li/Q02HlLvQ0 Three tips to avoid being scammed: 1️⃣ Do NOT reply to anyone claiming they can help reboot your Windows system. 2️⃣ NEVER provide personal details over the phone, text, or email, even if they claim to be a Crowdstrike employee. 3️⃣ Report any suspicious activity to relevant authorities. UpGuard is fully committed to helping users and organizations respond to the CrowdStrike incident safely and ensuring they have the information needed to mitigate its effects across their third and fourth-party ecosystems. Users of our Concentration Risk module can get a sense of CrowdStrike’s fourth-party impacts. In the meantime, for any other questions, feel free to contact us for any help or questions. Refer to our blog for more details on how to respond to the Crowdstrike incident ➡️ https://hubs.li/Q02Hm2HG0

Probably the most interesting commentary on the CrowdStrike "incident" I've read: "CrowdStrike exposed an entire chain of vulnerabilities in vital industries. Banks, hospitals, airlines, and other sectors used software that doesn't belong on critical systems on their critical systems. They didn't test updates before deploying, didn't have adequate backup/restore processes, didn't have (or didn't deploy) appropriate emergency responses, and they lacked the technical capability to fix essential systems. None of that should be blamed on CrowdStrike. If anything, CrowdStrike should be seen as a warning: if one small company can do this by accident, what happens when an adversary tries to do it on purpose?" https://lnkd.in/dkXDaA5p

By now, we’ve all heard about the CrowdStrike outage that affected both businesses and individuals globally. I am proud to say that almost all of our clients at PCI were protected, but unfortunately, many others were not so lucky. Although the initial issue has mostly been resolved, this incident has created opportunities for criminals and threat actors. These malicious actors are exploiting the situation, knowing that corporate tech teams will seek quick, easy, and automated solutions to address the outage. Experts warn that many of these solutions are scams, potentially leading to more damage and actual data loss. Were you or your business impacted by this outage? If so, what steps are you taking to mitigate this risk in the future?

Have you seen this article on the CrowdStrike outage? Curious how this event has changed your thoughts and strategy when it comes to security and process? https://lnkd.in/gS3rSspf

CrowdStrike have themselves not been above sniping at other vendors, so when SentinelOne and Trellix start taking potshots I’m not overly sympathetic. However, any vendor that comes to me with a story designed to play on an emotional, fearful reaction to the July 19th incident, claiming how their “philosophy” or “different approach” makes them so much better is going to experience a real hard time. The reality, as any competent IT professional knows, is that life is full of sacrifices and hard choices. No kernel access? Less visibility. More QA? Slower release time for critical updates, higher price. Arrogant vendor? Testy non-customer. Were mistakes made? Most definitely. But I’d rather work with someone who makes, acknowledges and fixes mistakes than someone claiming perfection, and I’m far from the only CISO who thinks that way. Keep that in mind as you’re writing up your press releases… https://on.ft.com/3Audw9X

House lawmakers are now calling for CrowdStrike CEO George Kurtz to testify about Friday's faulty software update, which affected about 8.5 million Windows devices. A CrowdStrike spokesperson says the company is in conversations with key congressional committees. The call comes as the fallout from Friday's outage continues to grow: Delta canceled more than 800 flights on Monday, and scammers are targeting customers with phishing emails and malware. The questions I'm asking myself heading in to the next few days: How lasting will the scrutiny against CrowdStrike last? And how effective will their crisis comms strategy be in curbing some of the backlash? More for Axios: https://lnkd.in/eiJzPhVk #technews #cybersecurity

An interesting article this weekend about Crowdstrike looking to purchase Action1. Action1 would add automated vulnerability manager and patch management to the Crowdstrike platform. I believe it would be a good addition to its already great lineup. https://lnkd.in/g_U65ehK