
CYBER SECURITY CONSULTING SERVICE AWARDS AND RECOGNITIONS

CyberSecOp's comprehensive managed security services, cyber security consulting, professional services, and data protection technology are recognized as industry-leading threat detection and response solutions by major analyst firms, key media outlets, and others.

CyberSecOp Cybersecurity & Breach News

CrowdStrike and Microsoft Outage

On July 19th CrowdStrike deployed a faulty patch/configuration update for its Falcon sensor software. The affected devices were PCs and servers running Windows operating systems. Affected systems worldwide, including Windows virtual machines and the MS Azure platform, began rebooting and/or crashing at approximately 10:48 AM Eastern. (The affected systems also included those running Windows 10 and 11 that were running CrowdStrike Falcon.) Machines running macOS and Linux were NOT affected. A number of sources noted that there was a similar issue for devices running Linux in April 2024.

At 9:27 AM Eastern, CrowdStrike deployed updated content. Devices that booted with this later content were not affected.

NATURE OF THE ISSUE:

CrowdStrike’s CEO, George Kurtz, confirmed the issue was due to a faulty kernel configuration level file and NOT the result of a cyber attack. Given the AT&T data breach just 10 days ago on July 12th, and the fact that there have been 10 major cyber attacks or data breaches so far in 2024, it was not surprising that the general public, as well as the affected businesses of all types and sizes ranging from airlines to hospitals to federal agencies and retail stores, immediately assumed that another cyber incident was the cause of the outages the configuration issue produced. Thankfully this was not a cyber-attack; however, the issue does point out just how vulnerable the organizations we are critically reliant on are.

THE FIX:

Should any organizations still be unable to fix their issues, there are a number of organizations, including CyberSecOp, that are able to help with the relatively straightforward but painstaking fix for the ‘outage’.

  • Affected Machines can be restored by booting into safe-mode or the Windows Recovery Environment and deleting any .sys files beginning with C-00000291- and with timestamp 0409 UTC in the %windir%\System32\drivers\CrowdStrike\ directory. 

  • This process must be done locally on each individual device.

  • Someone will have to reboot the affected computers individually with manual intervention on each system.

  • NOTE: Some Azure customers have had success by rebooting the affected virtual machines numerous times (10, 12, 15 times was not unheard of) while connected to Ethernet.

  • NOTE: Microsoft has also recommended restoring from backup from before July 18th.
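The manual steps above (boot into Safe Mode or WinRE, find the C-00000291- channel files stamped 0409 UTC under %windir%\System32\drivers\CrowdStrike\, delete them, reboot) can be scripted so that the wrong file is not removed by mistake. The following PowerShell is an added example written for this post; it is not code from the original article or from CrowdStrike. It assumes the faulty file's CreationTimeUtc or LastWriteTimeUtc carries the 04:09 UTC stamp the remediation refers to (date taken from the post, July 19th), that a later replacement file with a different timestamp must be kept, and that when run from WinRE the caller passes -WindowsDir pointing at the offline Windows directory because $env:windir there resolves to the recovery image. The parameter names and the Test-BadChannelFile helper are the example's own.

```powershell
<#
  Added example (not from the original post or from CrowdStrike).
  Reports the Falcon channel files matching the remediation criteria above
  (name prefix C-00000291, timestamp 04:09 UTC on 2024-07-19). Nothing is
  deleted unless -Remove is given; -WhatIf is honoured as well.
  Run as administrator from Safe Mode, or from WinRE with -WindowsDir set.
  BitLocker-protected volumes must be unlocked with the recovery key first.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # In WinRE $env:windir is the recovery image (X:\Windows); pass e.g. -WindowsDir 'C:\Windows'
    [string]$WindowsDir = $env:windir,
    # Dry run by default; add -Remove to delete the files marked DELETE
    [switch]$Remove
)

$driverDir = Join-Path $WindowsDir 'System32\drivers\CrowdStrike'
if (-not (Test-Path -LiteralPath $driverDir)) {
    throw "CrowdStrike driver directory not found: $driverDir"
}

# Timestamp of the faulty channel file (assumption: stored in the file's NTFS timestamps)
$badStampUtc = [datetime]::new(2024, 7, 19, 4, 9, 0, [System.DateTimeKind]::Utc)
$windowMin   = 2   # tolerance in minutes around 04:09 UTC

function Test-BadChannelFile {
    param([System.IO.FileInfo]$File)
    # Check both creation and last-write time so either stamp identifies the file
    foreach ($t in @($File.CreationTimeUtc, $File.LastWriteTimeUtc)) {
        if ([math]::Abs(($t - $badStampUtc).TotalMinutes) -le $windowMin) { return $true }
    }
    return $false
}

# Only the C-00000291 prefix is in scope; every other channel file is left untouched
$all = @(Get-ChildItem -LiteralPath $driverDir -Filter 'C-00000291*.sys' -File)
$bad = @($all | Where-Object { Test-BadChannelFile -File $_ })

Write-Host "Channel files with the C-00000291 prefix: $($all.Count)"
foreach ($f in $all) {
    $flag = if (Test-BadChannelFile -File $f) { 'DELETE' } else { 'KEEP  ' }
    '{0} {1}  written {2:u}  created {3:u}' -f $flag, $f.Name, $f.LastWriteTimeUtc, $f.CreationTimeUtc
}

if ($bad.Count -eq 0) {
    Write-Host 'No file matching the 04:09 UTC stamp found; nothing to do.'
    return
}
if (-not $Remove) {
    Write-Host 'Dry run only. Re-run with -Remove to delete the files marked DELETE, then reboot normally.'
    return
}
foreach ($f in $bad) {
    if ($PSCmdlet.ShouldProcess($f.FullName, 'Remove faulty channel file')) {
        Remove-Item -LiteralPath $f.FullName -Force
        Write-Host "Removed $($f.FullName)"
    }
}
```

Run it once without -Remove to see which files would be touched; a file with the same prefix but a later timestamp is the corrected content and is reported as KEEP. The timestamp filter is the check that matters, since deleting every C-00000291 file on a machine that already received the fixed content would remove the good one as well.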

HOW AND WHY THIS HAPPENED

Though at this time we cannot be 100% certain as to what caused this issue, we can expect that one of the primary culprits was the lack of testing and validation of the configuration update prior to its release. As noted in last week’s posting from CyberSecOp, it is absolutely critical for organizations of all sizes, across all market segments, to properly plan and establish policies for their use, deployment and on-going updating of their technology ecosystem. In this case, whether or not CrowdStrike has the proper plans and controls in place to ensure they have screened and tested their upgrades, patches and releases is not in question; what is being questioned, and far more importantly, is whether they have been followed. Further, are those organizations and their managed services providers affected by this latest outage properly testing and validating ANY changes to their environments before deploying them into production? Is the CMDB in place?

THE MORAL OF THE STORY …

Organizations must develop, iterate on, and adhere to robust policies and procedures to enhance their change management processes. From a risk management standpoint, organizations should reconsider their operational strategies to ensure that dependency on a single vendor does not impact all of their operations. Diversifying vendors and creating competitive hedges can be crucial in times of disaster. Questions organizations should consider asking their managed services providers include:

  • Was this a planned update?

  • What testing was conducted in non-production environments, and what were the results?

  • What CMDB policies and procedures were overlooked?


Tools and Systems for Enhancing Cybersecurity in Public Services and Utilities

Public services, such as police, fire departments, and medical response teams, are increasingly becoming targets for cyberattacks. These attacks can have devastating consequences, as they disrupt critical services that are essential for public safety. Below are the types of public services commonly affected; key points about the nature, risks, and implications of common cyberattacks on emergency services; and security measures that can be implemented.

Types of Public Services:

Public services encompass a wide range of essential functions provided by government entities at local, regional, and national levels. Some key types include:

  • Transportation Services: Includes roads, highways, bridges, public transportation (buses, trains, subways), and traffic management systems.

  • Utilities: Provides services such as electricity, water supply, sewage treatment, and waste management.

  • Emergency Services: Includes fire departments, police services, emergency medical services (EMS), and disaster response agencies.

  • Healthcare Services: Includes public hospitals, clinics, vaccination programs, and public health initiatives.

  • Education Services: Includes public schools, libraries, and educational programs.

  • Social Services: Includes welfare programs, social security benefits, housing assistance, and community support services.

  • Environmental Services: Includes environmental protection, conservation efforts, and management of natural resources.

Cyberattacks that target public services include:

  • Ransomware: Malware encrypts data and demands a ransom, paralyzing systems.

  • DDoS Attacks: Overwhelm traffic systems, rendering them unusable.

  • Phishing and Social Engineering: Trick personnel into divulging credentials or installing malicious software.

  • Data Breaches: Access sensitive information for identity theft or further attacks.

  • System Sabotage: Direct manipulation or destruction to disrupt operations.

The risks and implications of disrupted public services are significant. They could potentially cause critical response time delays, which could affect life-saving operations and public safety. Sensitive information such as health records and emergency plans can be exposed or stolen.

Organizational costs associated with ransomware payments, system restoration, and strengthening cybersecurity measures can pile up. Furthermore, reverting to manual operations can lead to inefficiencies and increased human error. Consequently, erosion of trust in emergency services could occur if an organization is perceivably vulnerable to cyber threats.

Luckily, there are many mitigation strategies to help prevent this from occurring, involving advanced security measures such as:


1. Endpoint Detection and Response (EDR) Systems:

  • Description: EDR systems monitor endpoint devices (e.g., computers, servers) for suspicious activities and respond to detected threats in real-time.

  • Benefits: Essential for protecting network endpoints in critical infrastructure by providing rapid threat detection and response capabilities.

2. Security Information and Event Management (SIEM) Systems:

  • Description: SIEM systems collect and analyze security data from various network sources to identify potential threats and facilitate incident response.

  • Benefits: Centralizes monitoring and alerting, enhancing incident detection and compliance with regulatory requirements.

3. Network Access Control (NAC) Systems:

  • Description: NAC systems manage network access based on security policies and endpoint health checks, ensuring only authorized devices and users connect.

  • Benefits: Reduces the risk of unauthorized access and malware infections, critical for maintaining network integrity.

4. Vulnerability Assessment Tools:

  • Description: Scans networks, systems, and applications to identify security vulnerabilities that attackers could exploit.

  • Benefits: Prioritizes and addresses vulnerabilities proactively, reducing the attack surface and enhancing overall security posture.

5. Intrusion Detection and Prevention Systems (IDPS):

  • Description: Monitors network traffic for signs of malicious activity or policy violations and takes automated actions to block or contain threats.

  • Benefits: Provides proactive defense against network-based threats, safeguarding critical infrastructure like power plants and water treatment facilities.

6. Systems Enhancing Cybersecurity:

  • Operational Technology (OT) Security Systems:

    • Description: Protects industrial control systems (ICS) and SCADA systems from cyber threats.

    • Benefits: Safeguards critical infrastructure against attacks that could disrupt essential services.

  • Incident Response Platforms:

    • Description: Provides tools and workflows for managing and responding to cybersecurity incidents effectively.

    • Benefits: Minimizes downtime and impact on public services by enabling rapid detection, containment, and recovery from cyber incidents.

  • Cloud Security Platforms:

    • Description: Secures data, applications, and infrastructure hosted in cloud environments, ensuring compliance and data protection.

    • Benefits: Supports modern IT deployments in public services, mitigating risks associated with cloud-based operations.

  • Governance, Risk, and Compliance (GRC) Systems:

    • Description: Manages cybersecurity risk, compliance with regulations, and governance processes.

    • Benefits: Helps align security initiatives with business goals, maintain regulatory compliance, and effectively manage cybersecurity risks.

  • Collaborative Threat Intelligence Platforms:

    • Description: Facilitates sharing of threat intelligence among public service providers, government agencies, and cybersecurity organizations.

    • Benefits: Enhances situational awareness, enables early threat detection, and supports proactive defense measures against evolving cyber threats.

Implementing these advanced tools and systems is essential for public services and utilities to strengthen their cybersecurity defenses. By investing in modern technologies and strategic initiatives, they can ensure the continuity and reliability of critical infrastructure operations, safeguarding communities from cyber threats.


Enterprise Success with Data-Driven Actionable Insights

Planning for Disruptions: Why It Matters

In today's unpredictable business climate, strategic planning is no longer a luxury; it's a necessity. Gartner's research tells us that 71% of organizations have inadequately clear objectives, inadequate planning processes, and disengaged leadership. This lack of preparedness leaves them vulnerable, and it compounds a leading cause of cyber incidents: human error.

By prioritizing a formal strategic planning process, you can mitigate risks and capitalize on emerging opportunities, leaving your organization secure, and focused on growth.

Transforming Strategy into Actionable Results

Research also highlights a critical gap in agility: only 29% of organizations proactively plan and review plans regularly. This lack of prioritized responsiveness hinders an organization’s ability to adapt to changing environmental dynamics.

Through our advisory services, CyberSecOp bridges this gap by helping you quickly and precisely turn proactive strategies into actionable plans. We provide a comprehensive adaptive process including people and toolkits to overcome common planning pitfalls, creating a clear, actionable roadmap for your organization's success.

Data-Driven Decision Making for Enhanced Efficiency and Growth

CyberSecOp empowers you to leverage the power of analytics, machine learning and alternate learning platforms to optimize operational efficiency enhancing your ability to anticipate shifts in the market. But we don't stop there. We guide you in aligning strategic goals with tangible, measurable indicators that drive long-term growth and competitive advantage. Our platform ensures seamless alignment across functions and business units, maximizing your collective efforts towards shared goals.

Enterprise Empowering Personal Success

At CyberSecOp, we believe that the success of the enterprise and the personal success of its leaders and employees are deeply interconnected. Our data-driven approach not only aims to optimize your organization's performance but also to empower each individual within the company. By providing actionable insights and robust frameworks, we equip you with the necessary culture to succeed, make informed decisions, enhance leadership capabilities, and drive meaningful organizational change.

Stay Ahead of the Curve with Adaptive Strategic Planning

CyberSecOp advocates for adaptive strategic planning. This approach emphasizes flexibility, responsiveness, and continuous scanning of the business landscape. You'll continuously test, adjust, and refine plans based on real-time data and insights. This agility allows you to seize opportunities earlier, outmaneuver competitors, and remain a leader in the ever-evolving digital landscape.


Empowering Digital Business: The Role of the Chief Information Security Officer (CISO)

The role of the Chief Information Security Officer (CISO) has evolved into a senior-level executive whose responsibilities traverse the areas of technology, risk, and compliance. CISOs have a fiduciary and legal responsibility to their respective organizations, the board, and the public. As the leader for ensuring compliance, the gatekeeper and protector of intellectual property, the enabler of the business, and the one fortifying the enterprise’s digital ecosystem, the CISO is a business influencer!

As organizations increasingly digitize their operations, ingest more data, and adopt AI initiatives, the CISO stands at the forefront of risk and compliance, ensuring that cybersecurity measures safeguard against the evolving threat landscape, mitigating risk while also enabling and supporting the business’s ability to grow and innovate.

Developing a Robust Cybersecurity Program

Per Gartner, by 2027, 75% of employees will engage with technology outside the visibility of IT—significantly higher than the 41% reported in 2022. This underscores the CISO's challenge to secure an increasingly decentralized technology landscape while enabling agile and secure digital transformation through the adoption of AI, advanced machine learning, and automation throughout the enterprise.

Embracing Generative AI in Cybersecurity

Generative AI represents a transformative opportunity and challenge for CISOs. As Jeremy D'Hoinne, VP Analyst and KI Leader at Gartner, emphasizes, CISOs must navigate the complexities of generative AI to secure critical business applications effectively. Integrating AI-driven technologies like ChatGPT marks just the beginning of how AI will reshape cybersecurity practices, demanding proactive strategies to harness its benefits while mitigating risks.

Technology Adoption, Security Risk Management and Leveraging Gartner's Cybersecurity Roadmap

CyberSecOp is an award-winning, Gartner-recognized global cybersecurity consultancy. Gartner’s IT Roadmap for Cybersecurity offers a comprehensive guide based on experience, extensive research and insights from thousands of organizations across diverse sectors. It outlines best practices and the key stages necessary for executing effective cybersecurity initiatives. CIOs, CISOs, and security leaders can leverage this roadmap to navigate complex security challenges and align cybersecurity strategies with business objectives. Further, CyberSecOp has built a programmatic approach around the Technology Adoption Roadmap for Security and Risk Management, which highlights 49 key technologies categorized by adoption phase, deployment risks, and enterprise value. This roadmap helps operationalize and prioritize investments and strategies to mitigate risks and establish risk tolerances effectively.


  1. Cloud Access Security Brokers (CASB)

  2. Endpoint Detection and Response (EDR)

  3. Zero Trust Network Access (ZTNA)

  4. Security Orchestration, Automation, and Response (SOAR)

  5. Deception Technologies

  6. Security Information and Event Management (SIEM)

  7. Identity Governance and Administration (IGA)

  8. Data Loss Prevention (DLP)

  9. Container Security

  10. Network Traffic Analysis (NTA)

  11. Threat Intelligence Platforms (TIP)

  12. Encryption Technologies

  13. Mobile Device Management (MDM)

  14. Vulnerability Assessment and Management

  15. Incident Response Platforms (IRP)

  16. Application Security Testing (AST)

  17. Behavioral Analytics

  18. File Integrity Monitoring (FIM)

  19. Cloud Workload Protection Platforms (CWPP)

  20. Data Encryption Gateways

  21. Microsegmentation

  22. Security Ratings Services

  23. Network Access Control (NAC)

  24. Web Application Firewalls (WAF)

  25. Privileged Access Management (PAM)

  26. Security Awareness Training

  27. Remote Browser Isolation (RBI)

  28. Blockchain Security

  29. Email Security Gateways

  30. Endpoint Protection Platforms (EPP)

  31. Database Security

  32. Security Configuration Management

  33. Security Operations Centers (SOC)

  34. API Security Management

  35. Backup and Recovery Solutions

  36. Cloud Security Posture Management (CSPM)

  37. Deep Packet Inspection (DPI)

  38. Multi-Factor Authentication (MFA)

  39. Security Policy Management

  40. Security Incident and Event Management (SIEM)

  41. Next-Generation Firewalls (NGFW)

  42. Data Masking and Tokenization

  43. Insider Threat Detection

  44. Patch Management

  45. Security Awareness Training

  46. Risk Assessment Tools

  47. Digital Rights Management (DRM)

  48. Forensic Analysis Tools

  49. Network Segmentation Tools

These technologies are crucial for organizations looking to enhance their security posture, manage risks effectively, and align their security strategies with business objectives. Gartner's categorization helps security and risk management leaders prioritize investments and initiatives based on the adoption phase, deployment risks, and enterprise value of each technology.


The Rise of VCISO and VCTO: Safeguarding Systems and Ensuring Compliance

With cyber threats looming large in today's digital landscape, and with ever-changing compliance and regulatory requirements, organizations are increasingly turning to Virtual Chief Information Security Officers (VCISOs), Virtual Chief Technology Officers (VCTOs) and related outside counsel to bolster their defenses and ensure compliance. These virtual roles offer specialized expertise and strategic guidance without the overhead costs associated with full-time executive positions. For enterprise organizations, the ability to engage an independent third party to validate ideas, policies and processes, while also providing guidance and support to the technical executive suite, is a key differentiator.

Let's explore why organizations are embracing VCISOs and VCTOs and how these professionals are essential in protecting systems and ensuring compliance.

Expertise in Cybersecurity

Cybersecurity threats are evolving at an alarming rate, with sophisticated attacks targeting businesses of all sizes. VCISOs play a crucial role in developing, implementing and validating robust cybersecurity strategies tailored to an organization's unique needs. They bring extensive experience in threat assessment, risk management, incident response, and security best practices. By partnering with a VCISO, organizations gain unbiased access to up-to-date knowledge and proactive measures to mitigate risks.

Strategic Technology Leadership

Technology, the backbone of modern enterprises, drives innovation, efficiency, and growth, but it can also be our Achilles' heel if not properly governed.

VCTOs focus on strategic oversight of an organization's technology infrastructure and operations. They ensure technology investments align with business objectives, optimizing performance and scalability while managing the threat landscape. From cloud adoption to digital transformation initiatives, VCTOs offer invaluable insights and guidance to navigate complex technological landscapes.

Cost-Effective Solution

VCISOs and VCTOs offer cost-effective solutions that provide expertise on an as-needed and scheduled basis. This gives organizations access to top-tier talent with the flexibility and level of enablement they need to address their priorities.

Compliance and Regulatory Adherence

Compliance has become non-negotiable in an era of stringent data protection regulations such as GDPR, CCPA, and HIPAA. VCISOs and VCTOs are well-versed in regulatory requirements and industry standards, ensuring organizations adhere to relevant laws and guidelines. They validate established governance frameworks, conduct audits, and implement controls to safeguard sensitive data and maintain regulatory compliance. With the benefit of being an independent third party, VCISOs and VCTOs are able to provide the oversight and governance that auditors require and insurance companies appreciate, further mitigating financial risk and exposure.

Tailored Solutions for Diverse Industries

Whether in finance, healthcare, or manufacturing, these virtual executives collaborate closely with internal teams to align security and technology strategies with organizational goals. It is important to keep in mind that every industry faces unique challenges and changing regulatory landscapes.

Conclusion

Having access to VCISOs and VCTOs is key to enhancing an organization's strategic advantage as the technical and threat landscapes continue to evolve. By leveraging the skills of VCISOs and VCTOs, organizations are better positioned against cyber threats, optimize their technology investments, and maintain regulatory integrity, safeguarding their reputation and sustaining long-term success.
