
The CrowdStrike and Microsoft Outage Aftermath: Next Steps for Technology Advisors

July 25, 2024

By Jeff Hathcote, Solution Architect – Security, Telarus

While unintentional in nature, the recent CrowdStrike outage caused disruptions that reverberated throughout the global IT community. And while CrowdStrike and Microsoft are hard at work restoring an estimated 8.5 million affected computers worldwide, guess who’s hard at play taking advantage of the situation? Cybercriminals and their phishing schemes. Now is the time to work with your customers to help them understand the implications of the outage and the importance of prioritizing resiliency plans.

The Vital Role of Advisors and Essential Discussion Points

In the aftermath of the CrowdStrike outage, you have a critical role to play as an advisor. You can offer your customers much-needed guidance on navigating this crisis in two ways: 1) helping them comprehend the situation, and 2) advising them on how to strengthen their defenses so that a similar disaster does not impact their own organization. (Remember, companies of any size are vulnerable to modern cyber threats.)

1) Understanding the Outage

Advisors should explain the cause of the CrowdStrike outage and its impact in sufficient detail. This will help customers grasp the severity of the situation and the need for any immediate action.

It is important to note that the CrowdStrike/Microsoft outage was NOT a cyberattack. The incident began with a software update. As part of its ongoing threat protection, CrowdStrike regularly updates its sensor with the latest threat data. In this instance, the update violated a protected memory address within the Microsoft Windows environment, causing the operating system to encounter a critical error and display the ubiquitous “blue screen of death,” from which an affected device is unable to recover on its own. The workaround was a very manual process: users had to log in to each machine in Safe Mode and remove the registry key that contains the faulty code.

This event shows just how interconnected the technology products in our ecosystem are: one failure can have a devastating impact on an entire infrastructure. While both CrowdStrike and Microsoft are working diligently to assist in recovery efforts, we all need to be aware of the potential for secondary attacks by cybercriminals using information harvested through phishing.

2) Learning from the Incident: How to Outsmart the Bad Guys

Within hours of the incident on July 19, CrowdStrike warned of malicious activity trying to exploit the outage. One primary method cybercriminals are using is to send phishing emails purportedly from CrowdStrike (or Microsoft) from “spoofed” addresses (e.g., somebody@crowdstrikeoutage.com), either carrying malicious attachments or simply gathering information for a later compromise. CrowdStrike and Microsoft are working around the clock to provide guidance as well as tools to assist with recovery.

Advisors can guide their customers on how to avoid falling for such tactics: do not open emails from unofficial addresses posing as CrowdStrike support, and treat unsolicited phone calls from people claiming to be CrowdStrike staff with suspicion, as they are likely impersonators.
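As an added illustration of the guidance above (example code written for this article, not from Telarus or CrowdStrike), the following Python snippet performs the sender check a mail gateway rule or a SOC analyst's triage script could apply: only an assumed allowlist of vendor domains (and their true subdomains) counts as legitimate, and any other sender whose address or display name carries the vendor's name is flagged as a lookalike. The sample From: headers are constructed for the demo, apart from the crowdstrikeoutage.com address quoted in the article.

```python
"""Flag e-mail senders that impersonate a vendor during an outage.

Added example, not part of the original article. The allowlist below is an
assumption for the demo; adjust it to the vendors your customers actually use.
"""
import re

# Assumed: the domains a genuine vendor notice would be sent from.
LEGITIMATE_DOMAINS = {"crowdstrike.com", "microsoft.com"}
# Brand words whose presence in a non-allowlisted sender is suspicious.
BRAND_KEYWORDS = ("crowdstrike", "microsoft")

# Matches 'user@host' whether bare or wrapped in angle brackets after a display name.
ADDR_RE = re.compile(r"<?([^<>\s@]+)@([^<>\s@]+)>?\s*$")


def sender_domain(header_value: str) -> str:
    """Return the lowercased domain from a From: header such as 'Name <user@host>'."""
    match = ADDR_RE.search(header_value.strip())
    if not match:
        raise ValueError(f"no address found in {header_value!r}")
    return match.group(2).lower().rstrip(".")


def is_legitimate(domain: str) -> bool:
    """True for an allowlisted domain or one of its real subdomains.

    The explicit '.' + domain suffix check matters: a plain prefix or substring
    match would accept crowdstrike.com.recovery-help.example as genuine.
    """
    return any(domain == d or domain.endswith("." + d) for d in LEGITIMATE_DOMAINS)


def classify_sender(header_value: str) -> str:
    """Classify a From: header as 'legitimate', 'lookalike' or 'external'."""
    domain = sender_domain(header_value)
    if is_legitimate(domain):
        return "legitimate"
    # Brand name in the address *or* the display name, but not the vendor's domain.
    if any(keyword in header_value.lower() for keyword in BRAND_KEYWORDS):
        return "lookalike"
    return "external"


def triage(headers):
    """Map each From: header to its classification (for a quick batch review)."""
    return {h: classify_sender(h) for h in headers}


# Constructed sample headers; the first address is the one quoted in the article.
SAMPLE_FROM_HEADERS = [
    "CrowdStrike Support <somebody@crowdstrikeoutage.com>",
    "noreply@support.crowdstrike.com",
    "alerts@crowdstrike.com.recovery-help.example",
    "CrowdStrike Recovery Team <help@mail-relay.example>",
    "Jane Doe <jane@partner.example>",
]

if __name__ == "__main__":
    for header, verdict in triage(SAMPLE_FROM_HEADERS).items():
        print(f"{verdict:<10} {header}")
```

Running the block prints one verdict per sample header; the two lookalike patterns it catches (brand name inside an unrelated domain, and a genuine-looking domain used only as a prefix of a longer one) are exactly the ones a casual glance at an inbox tends to miss.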

Additionally, this unfortunate incident opens up the conversation for developing (or revisiting) a robust cybersecurity prevention and recovery plan. With access to a breadth of cybersecurity providers, solution architects, and managed services, you have the opportunity to help your customers with their entire strategy – from organization-wide cyber training, to IT outage response plans, to infrastructure automation for disaster recovery, to third-party risk management programs.

My colleague Koby Phillips reminds us:

“This high-impact event emphasizes the urgency to keep resiliency plans current, communicated, and understood within the organization to avoid the types of customer disruptions experienced since July 19. Like other industry disruptions this year, this event creates conversation opportunities for technology advisors to have with their customers about how to best prepare their organization for these inevitabilities.”

– Koby Phillips, VP of Advanced Solutions – Cloud, Telarus

Final Thoughts

While the CrowdStrike outage presents significant challenges, it also offers a reason for immediate outreach to your customers and prospects while demonstrating further value to them. By offering expert guidance and leveraging essential discussion points, advisors can assist their clients in navigating this crisis and emerging stronger and more resilient.

In the spirit of resilience, it is crucial to ask clients: “Which components or upstream vendors in your environment are you dependent on? Are you considering resiliency around those as well?” This questioning not only encourages clients to think critically about their dependencies but also underscores the importance of resilience planning.

In every crisis lies an opportunity. For advisors, this is that opportunity. 

Looking for more on this topic? Check out the Telarus High Intensity Technology Training (HITT) video here.