Gartner’s Post

For those dealing with CrowdStrike issues today, below are some quick recommendations to mitigate risk. Keep in mind that attackers will use this as an opportunity to target employees who think they are from your IT service desk. #crowdstrike #cybersecurity #Ottawa

Today's Crowdstrike outage has created an enormous amount of stress. There is no time to think twice. Attackers are opportunistic. They take advantage of urgent stressful situations. The current incident is one of those opportunities.   Your employees may be unwilling to wait an hour in the queue for IT support, and they will try to find a solution themselves. Self-service remediation creates opportunities for attackers, who will send an email, text message or social media post with links to "remediation steps" or "automated recovery scripts" that actually point to malicious content. These links may show up in search as well.    I recommend that you: 1. Publish "official guidance and links" internally quickly 2. Use crisis communication channels to ensure everyone knows what the right process is and where the trustful content is 3. Warn them about the existence of these attacks 4. Get your security operation teams to monitor for unusual activities, and to be prepare to investigate these activities later, when the malicious sites are identified

Morning! For my security folks in my network - Chris Howard and Jeremy D'Hoinne from Gartner are posting several resources since this morning on advice for next steps. Please don't hesitate to reach out to me if I can connect you with your peers in any way to help. Insight from Gartner for IT Analyst Jeremy D'Hoinne on today's Crowdstrike outage ⬇️ #StrongerTogether #EvantaCISO #DallasCISO

If you are one of the many waiting to get into your corporate computer, here is a good reminder to follow company protocols and do not go off book. Attackers wait for moments like today to find vulnerabilities within your organization.

A quick guidance for #CISO on the response to the #CrowdStrike outage:

There is no time to think twice! 此次Crowdstrike outage 造成全球大癱瘓，除了IT主管外，Gartner 分析師在第一時間也建議CISOs資安長迅速採取下列的措施，防止危機更進一步擴大： 1. Publish "official guidance and links" internally quickly 2. Use crisis communication channels to ensure everyone knows what the right process is and where the trustful content is 3. Warn them about the existence of these attacks 4. Get your security operation teams to monitor for unusual activities, and to be prepare to investigate these activities later, when the malicious sites are identified

Getting off the Attack Surface Hamster Wheel: Identity Can Help IT professionals have developed a sophisticated understanding of the enterprise attack surface – what it is, how to quantify it and how to manage it.  The process is simple: begin by thoroughly assessing the attack surface, encompassing the entire IT environment. Identify all potential entry and exit points where unauthorized access could occur. Strengthen these vulnerable points using #

👉 The recent #CrowdStrike incident with an invisible update highlights several potential #risks: 🍁 System Instability: Unforeseen bugs or compatibility issues in the update can cause crashes, such as the Blue Screen of Death (#BSOD), leading to unexpected downtime and potential data loss. 🍁Lack of Awareness and #Control: Users are unaware of the update's content and cannot prepare for potential issues or schedule updates during downtime, frustrating IT professionals managing critical systems. 🍁Business #Disruption: System crashes from the update can disrupt business operations, causing lost productivity, delays, and financial losses. 🍁Security Concerns (Indirect): Although the update itself wasn't a security vulnerability, its invisibility could raise concerns, as malicious actors might mimic invisible updates to install malware unnoticed. 👉These risks affect different parties: 🍁Individual Users: Face potential data loss, frustration from unexpected crashes, and workflow disruption. 🍁IT Professionals: Encounter difficulty troubleshooting, managing user concerns, and potential blame for downtime. 🍁#Organizations: Suffer from lost productivity, financial impact, and potential reputational damage. While automatic #updates are #crucial for security, the CrowdStrike incident underscores the need for a #balance between #automation and #userawareness. https://lnkd.in/ePBiNqW2

URGENT CYBERSECURITY ALERT - July 19, 2024 A faulty update from cybersecurity provider #CrowdStrike has caused widespread failures of #Windows systems worldwide. The impact is severe: banks, airlines, broadcasters, and many other industries are experiencing significant downtime. Key points: ❌Thousands of Windows machines are affected by BSOD errors. ❌Systems are unable to boot, paralyzing business operations. ❌ The issue is impacting organizations globally. Recommendations: ✅ Immediately contact your IT teams. ✅Check if your systems are affected. ✅Prepare a contingency plan for potential outages. ✅Consider temporarily halting security updates. This incident underscores the critical importance of: ☑ Regular data backups ☑Testing updates before deployment ☑Having a business continuity plan. As the crisis unfolded, I couldn't help but think of the countless times organizations had pushed updates to production without thorough testing. "It'll be fine," they'd say, having grown accustomed to things always working out. But today showed the devastating consequences of that complacent mindset. This incident serves as a powerful reminder of the critical importance of proactive system development, rigorous testing, and meticulous maintenance in today's digital landscape. Now, IT leaders face a moment of truth. Will they continue with business as usual, having abandoned security principles out of habit, or will they learn from this wake-up call? As an IT community, I believe, we must learn from this event. I encourage sharing experiences and best practices in the comments. Let’s support each other. #CybersecurityAlert #ITDisaster #MicrosoftOutage

Enhance your incident response with the latest tools and technologies. Discover how to streamline your IR process and boost your effectiveness in my new article. https://lnkd.in/dg8ZH4Uq #IncidentResponse #CyberSecurity #TechTools #IRProcess