Business continuity lessons from the CrowdStrike outage

Whether or not you are a CrowdStrike user, the mass outage event has brought business continuity and crisis management into sharp focus.  

The interconnectedness of supply chains, our dependence on technology and the global reach of the incident reminds us that we need to be prepared to respond to incidents quickly and efficiently.

As the dust settles and organisations review the lessons learnt from the incident, what can you be doing now to be better prepared for a similar occurrence? 

Communications 

Communication is one of the most critical components of any response strategy, yet is often the one many organisations get wrong. Ensuring your stakeholders are aware of what’s happening and how you’ll update them makes for a much smoother response, and means there will be less damage to your reputation.  

What to do now 

• Ensure your stakeholder maps are current – knowing who to communicate with during a crisis is critical. 
• Review your communication strategies and where possible, draft message templates so you are prepared. 
• If you have an in-house communications team, or a PR agency on retainer, meet with them and discuss strategies for a range of scenarios, not only those involving a cyber incident.  

If you don’t have a communications strategy, or access to skilled specialists, seek help and ensure you update your plans accordingly.  

Plans 

Plans come to life when they are actively used and response teams understand their roles and responsibilities. While plans won’t necessarily offer solutions for every type of incident, consider whether you can improve them based on the lessons you’ve learnt from this recent disruption.  

What to do now

• Ensure your plans are robust – for example, do you know how your team will come together and under what circumstances?  
• Feed any lessons you have learnt from this disruption into your plan and circulate to all response team members. 
• Run an exercise using a severe yet plausible scenario to test the plan and response team. Remember that a cyber incident response requires more than just an IT response.  

Supply chain assurances 

You may rely heavily on your suppliers to enable you to provide critical good and services. Or you may be a critical link for other organisations to ensure they can continue to operate. Understanding your supply chain dependencies is essential during disruption. 

What to do now

• Review your supply chain mapping and ensure understanding of dependencies. 
• Consider your concentration risks – that is, do you rely on a supplier who also provides a critical service to many others? Are there alternative suppliers available and should you consider using them?  
• Ensure contact details for your critical suppliers are up to date and consider your communication channels. How will you communicate with one another during a disruption? 

Insurances and costs 

Business interruption and cyber insurances can be helpful in managing the costs of an incident, however each policy will have specific terms.  

What to do now 

• Review your policies and cover and determine whether they are sufficient for your organisation’s needs. 
• Speak with your brokers to determine whether there might be better or more appropriate cover available. 
• Ensure details of your policies are noted in your plans, and if there are specific requirements, make sure these are recorded as well. For example, you may need to notify your insurer of a cyber incident within a specific time frame for cover to be available.  

Scams  

This incident has reinforced the fact that scammers will use any available channel to mislead innocent victims. That victim could be your organisation, or your clients or customers. 

What to do now

• Ensure you are using approved channels of communication with suppliers to update systems. 
• Communicate with your clients or customers to reiterate the way you will communicate with them, and remind them that you will not ask them to click on links or provide personal information.  

Conclusion 

The global outage demonstrates that organisations need to be prepared for any type of disruption. Exercising your teams and testing your plans means that you will have muscle memory for responding quickly and efficiently, even if the scenarios you’re testing aren’t exactly replicated in real life. Just considering how you could be impacted is a good start for any organisation.  

Also, thinking about how an incident such as this one will impact your supply chain helps your preparedness. While your organisation might not be directly impacted, your services might still be disrupted because of a key supplier issue. Many organisations may have not considered that significant players such as Microsoft and CrowdStrike could have caused global disruptions. The cost of lost business, and service disruption will bring business continuity and resilience into sharp focus for many organisations, particularly those who don’t have plans and practiced teams in place.  

For organisations which invoked their plans, regular, clear communication with stakeholders will have been key. The way you communicate during a crisis or disruption determines your reputation now and in the future.