CrowdStrike chaos, SaaS provider hit with ransomware, the impact of AI on cybersecurity, 60% of ransomware victims caused by missed patches

By John Bruggeman, virtual Chief Information Security Officer


CrowdStrike chaos

With 8.5 million computers around the world taken down in a CrowdStrike software update on July 19, it was not a good day for millions of people. CrowdStrike’s patch for their endpoint protection software caused the Windows PCs and servers to crash.

Many airlines around the world had to cancel thousands of flights due to application servers crashing, displaying the dreaded “Blue Screen of Death,” or BSOD, which impacted hundreds of thousands of people. This incident impacted hospitals, banks, and even Starbucks.

CrowdStrike and Microsoft found the problem quickly and provided a fix within hours, but the fix required hands on the keyboard of each impacted computer. You literally have to reboot the computer in safe mode, a special mode used to repair the operating system, and then delete the system file from CrowdStrike that caused the issue.

The details of how this happened are still coming out, but this rare occurrence should not cause people to avoid patching their computer systems and running automatic updates from endpoint protection software like CrowdStrike.

The reason for updates and patches is to avoid attacks, like a ransomware attack. If the patch from CrowdStrike fixed a zero-day vulnerability, the pain of downtime from this incident is worth preventing a ransomware attack.

Why do I say that?

In a ransomware attack, you can have downtime and extortion. What you don’t have is the vendor helping you fix the problem.

Is this experience painful? Yes, of course it is. Is there a loss of revenue? Yes, of course. Are you fixing this all on your own? No. CrowdStrike is helping impacted customers, and Microsoft is helping customers.

Is a ransomware attack more painful? Yes, by a factor of ten.

This is what happens in a ransomware attack:

  • Your company is down or offline for days or weeks. Many impacted companies take weeks and months to fully recover.
  • Your company and customer data are exfiltrated and used against you, either because they are encrypted or because there is a threat of a leak.
  • A ransomware attack where they leak the data requires data breach notifications in many U.S. states and abroad.
  • You must determine if you want to pay the ransom, which can be thousands to millions of dollars.
  • You now need to review your entire environment to look for persistence by the criminal.
  • Recovery costs can be four to five times more than the ransom demand.
  • Legal or regulatory requirements or damages may be imposed.
  • Your customers or shareholders might sue you.

What to do?

Patch your environment but do it in test mode before you roll it out to production. Also, ensure you have proven methodologies and practices to roll back a patch update in the event the patch causes a major disruption or worse.
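The advice above, sketched as an added example (not code from CBTS or CrowdStrike): an update goes to a small test ring first, each ring must pass a health gate before the next one is touched, and a failed gate rolls back every host updated so far. The fleet, ring names, version strings, and the health check are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    version: str          # update version currently installed
    previous: str = ""    # version to restore if the rollout is rolled back

def build_fleet():
    """Constructed sample fleet: a small test ring, then pilot, then production."""
    sizes = [("test", 2), ("pilot", 5), ("production", 50)]
    return [(ring, [Host(f"{ring}-{i}", "1.0") for i in range(n)])
            for ring, n in sizes]

def staged_rollout(rings, new_version, is_healthy, max_failure_rate=0.0):
    """Deploy ring by ring; stop and roll back when a ring fails its health gate.

    is_healthy(host) runs after the update (e.g. the host booted and checked in).
    Returns (status, ring where the rollout stopped or None, hosts touched).
    """
    touched = []
    for ring, hosts in rings:
        for host in hosts:
            host.previous, host.version = host.version, new_version
            touched.append(host)
        failures = sum(1 for host in hosts if not is_healthy(host))
        if hosts and failures / len(hosts) > max_failure_rate:
            for host in touched:          # roll back every host updated so far
                host.version = host.previous
            return "rolled_back", ring, len(touched)
    return "completed", None, len(touched)

def crashes_on_2_0(host):
    """Hypothetical health check: update 2.0 crashes every host it lands on."""
    return host.version != "2.0"

if __name__ == "__main__":
    fleet = build_fleet()
    print(staged_rollout(fleet, "2.0", crashes_on_2_0))   # bad update
    print(staged_rollout(fleet, "2.1", crashes_on_2_0))   # good update
```

With the bad update, only the two test hosts are ever touched and the 55 pilot and production hosts stay on the old version. The rollback here is simulated; as the CrowdStrike incident showed, a host that cannot boot may need hands-on recovery, which is the reason to keep the first ring small.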

Contact CBTS today to learn about their integrated patch management solutions capable of providing timely, tested updates to IT systems, which help organizations secure their digital assets and protect against potential security threats or breaches.

SaaS provider hit with ransomware, impacting 15,000 car dealerships

Here is an example of why companies need to evaluate their supply chain.

A major Software-as-a-Service (SaaS) platform provider for car dealerships was hit with a ransomware attack on June 18, and then was hit again the day after while they were recovering from the first attack.

This cybersecurity attack crippled over 15,000 car dealerships, impacting their ability to sell cars, repair cars, contact customers, and virtually everything the dealerships need to do to function.

The provider is still not back online more than two weeks after the attack; this ransomware incident might even impact GDP.

What to do?

Do you have a third-party risk management (TPRM) program? You need one for your critical vendors. If you don’t have one, we can help. Our cybersecurity consultants are here and available to help your systems be more secure.

What is the impact of AI on cybersecurity?

AI is on everyone’s radar, everyone is talking about it, but how does it impact cybersecurity? Discover how AI is transforming cybersecurity and the key concerns it raises for CISOs.

Recently, cybersecurity expert Ryan Hamrick, CBTS Security Consulting Services Manager, and I discussed the evolving threat landscape, AI-powered attacks, data privacy, integration challenges, and skill gaps. Learn strategies to address these challenges and protect your organization.

In this video, we talk about new risks and new tools to help spot the threats and protect your environment. This blog is another resource you can read on the topic.

60% of ransomware victims vulnerable because of missed patches

I preach about doing the basics to be more secure, and patching your stuff is basic, boring, but critical work. Security researchers have reported time and time again that anyone who is compromised or suffers a ransomware incident has not done the basic work to patch their systems.

Successful patch management requires vigilance, proven methodologies, and tested processes.

Patching is a time-consuming process for IT admins, and the increasing prevalence of remote work and extensive cloud utilization has made IT environments more challenging to patch than ever before—which is why people don’t like to do it.

What to do?

CBTS offers Patching as a Service for any size organization. You could be a hospital with 6,000 endpoints, a retail food chain with 1,000 servers, or a financial services firm with 25 servers. Size doesn’t matter—we can help you do the basic, fundamental job of patching your stuff.

Patching as a Service identifies, tests, and installs software patches and updates for data center networking equipment, operating systems, and applications to remediate security vulnerabilities.

Patching is critical to system administration because it helps keep software up-to-date, secure, and reliable. Patch management often involves automating the patching workflow with management software, vulnerability scanners, and monitors. The process involves a system-wide approach to understanding potential vulnerabilities and risks.

You can watch a video about it here. I promise, it’s a lot more interesting than applying the patches themselves.


About the author

John Bruggeman is a veteran technologist, CTO, and CISO with nearly 30 years of experience building and running enterprise IT and shepherding information security programs toward maturity. He helps companies, boards, and C-level committees improve and develop their cybersecurity programs, create risk registers, and implement compliance controls using industry-standard frameworks like CIS, NIST, and ISO.



Judy Sanker, PMP, ITIL 4® MP

also ITIL Expert v3, Prince2, SRE, DevOps, Agile SM, ITSM4DevOps

5mo

Thanks for sharing, interesting!

Sumathi Jagadeesan

Sr., Java Full Stack Developer

5mo

Thanks for sharing. Good insight.

Dorrin Prophet

“CEO, Founder @ One Vertical Tier, Inc. | Enhancing Strategic Analytics, IT Optimization & Scalable Solutions | Innovating Data for Business Growth”

5mo

Great insight! Thank you. CBTS

Josh Sizemore

SaaS Account Executive // Bolster Tech Stack Security Posture // Mitigate Risk // Enhance Compliance // Private & Public Sector Sales Excellence

5mo

Great perspective, thanks for sharing.
