On Friday July 19, 2024, the world woke up to a major tech outage as a routine update from security software vendor CrowdStrike inadvertently caused computers to crash worldwide. Flights were cancelled, hospitals were shut down, and banking was disrupted. CrowdStrike clarified early in the day that the incident was NOT a cyber attack, but rather a (really) bad update, and a fix was available pretty quickly. Still, undoing the damage was a major effort. What can we learn from this?
We Need our Computers to Work
In today’s interconnected world, we all rely heavily on computers and digital technology. This dependency, while crucial for efficiency and growth, also introduces complexities and vulnerabilities that must be managed. Recently, a security update led to a significant network outage, causing frustration and skepticism among many local small business owners about the necessity and value of cybersecurity measures. Let's explore why, despite these challenges, investing in cybersecurity remains imperative. Over the years I've had so many conversations with local business owners. Cybersecurity costs money, and yes, it's true that it adds some complexity to our networks. This past week I remembered a specific conversation I had with a practice manager of a local medical practice. He said that if he added security and something didn't work his job would be on the line, and if he didn't add security and they got hit with a cyber incident his job would be on the line, so he couldn't win and therefore decided to spend less. Hey, it would be really easy to just have one simple, easy-to-remember password, never use multifactor authentication, and to not have to spend money on cybersecurity protections that are hard to pronounce. However, there's so much money in cybercrime, and modern threats are often automated and indiscriminate, so anyone can be a victim of cybercrime, and we're all in a position where we have to protect ourselves.
The Interconnected World We Live In
Every day, we use computers to manage finances, communicate with clients, store sensitive data, and streamline operations. These devices are integral to our business processes, enabling us to achieve tasks quickly and efficiently. However, this interconnectivity also means that a single vulnerability can have widespread repercussions.
We Depend on Computers
Our reliance on computers is non-negotiable. Point-of-sale systems, customer databases, shipping software, on-line banking, even lunch delivery - the technology we use is at the heart of our operations. When a network outage occurs, it’s a stark reminder of how much we depend on these systems. But it's important to recognize that these disruptions, while inconvenient, are part of a broader strategy to protect our digital assets.
Technology is Complicated
The technology landscape is incredibly complex. The more I learn about technology, the more amazed I am that anything actually works in the first place! Each device, application, and system interacts with others in myriad ways, creating a web of interdependencies. This complexity means that updates, while sometimes disruptive, are necessary to patch vulnerabilities, improve performance, and enhance security. Without these updates, the risk of a security breach increases significantly, which could lead to far more severe consequences than a temporary outage.
The Impact on the Supply Chain - We're All In This Together
Our businesses do not operate in isolation; they are part of a larger supply chain that relies on seamless digital communication and data exchange. A security breach or network outage can disrupt this chain, affecting not only your business but also your suppliers and customers. Ensuring robust cybersecurity measures helps maintain the integrity and reliability of the supply chain, minimizing the risk of widespread disruptions and maintaining trust among all parties involved. At Ekaru, we work with a different EndPoint Detect and Response (EDR) solution, so our community wasn't directly impacted by the CrowdStrike incident, but we had several calls from medical offices that work with the local hospital system, and THEIR systems were down.
The Impact of Security Updates
It’s worth noting that only about 1% of computers worldwide were affected by the recent security update. However, the impact felt by those affected was substantial. This highlights the dual-edged nature of technology: while it empowers us, it also requires diligent management. Security updates are a critical component of this management, ensuring that systems are protected against evolving threats.
The True Cost of Inadequate Security
While the immediate cost and complexity of implementing robust cybersecurity measures may seem daunting, the long-term benefits far outweigh these initial investments. A security breach can lead to loss of sensitive data, financial damage, and a tarnished reputation. In contrast, a well-maintained security infrastructure provides peace of mind and a safeguard against these potential threats.
Embracing Cybersecurity
Despite the recent network outage, it's crucial to stay committed to cybersecurity. These measures are designed to protect your business in an increasingly digital world. Embrace the complexity, invest in the necessary protections, and recognize that the occasional inconvenience is a small price to pay for the security of your business.
Your Local Business Still Needs a Robust Security Plan
We'll be reading about Friday's technology meltdown for months to come. Already, cyber criminals are hosting fake support sites to further victimize people - Round 2 will be all the damage caused by phishing incidents. Do you have a robust cybersecurity training plan for your employees? Will they know not to click on those emails? Take a moment to think about the impact of business disruption for YOUR business, and now is a good time to think through your plan. Simple things like just having a communication plan that works when all our computers are down can make a big difference. What will you tell customers? What will you tell employees? What is the cost per day of an outage? What are your most important systems to get back up and running again? If you were one of the lucky ones who weren't greatly impacted by Friday's meltdown, don't just shrug it off - take a moment to learn from the events.
Remember, the goal is not just to react to threats, but to proactively protect against them. Stay informed, stay protected, and continue to prioritize cybersecurity in your business strategy.
Ekaru is here to help you create a technology and cybersecurity plan and even if you want to just have a short conversation to address a few questions, we're here to help!