CrowdStrike one year on -- what have we learned?

Tomorrow -- July 19th -- marks a year since the CrowdStrike outage, which saw major disruption to Microsoft systems around the world caused by a faulty security software update.

Whilst it made the headlines at the time, what have been the long-term effects of the outage, and what has the industry learned to prevent something similar happening in future?

Eileen Haggerty, area vice president, product and solutions at NETSCOUT, says, “While outages like last year’s are a harsh lesson for businesses, they also present an invaluable learning opportunity. Truly resilient organizations will turn the disruption they experienced into a powerful data source and a blueprint for performance assurance and operational resilience. This means leveraging advanced visibility tools to conduct deeply informative postmortems. By building a rich, detailed repository of information from every previous incident, organizations aren’t just documenting history; they're establishing best practice policies and actively future-proofing their operations, ensuring they can anticipate and navigate any potential challenges -- before they become an issue for customers.”

Adam Casey, director of cybersecurity and CISO at tmc3, believes businesses haven’t fully learned the lessons:

The CrowdStrike outage very nearly brought the world to a standstill -- and one year on, it’s clear that businesses still haven’t learnt the lesson. Just look at the recent attacks on M&S and Co-op, resulting in empty shelves, digital disruption, and the theft of customer data. These incidents expose a hard truth: today’s digital ecosystems are fragile, and many organizations remain unprepared for ongoing security and operational risks.

To build resilience, it’s crucial that organizations have end-to-end visibility across the software supply chain, regardless of how complex this landscape is. This includes every vendor, tool, and service provider. Robust internal controls, ongoing third-party risk management, and meaningful cybersecurity training will help strengthen defenses and aid recovery plans in the event of an attack.

David Ferbrache OBE, managing director at Beyond Blue, says, “Too often, there's still an assumption that the digital perimeter ends at the edge of the organisation, when in reality, critical service providers have deep, privileged access that can bypass internal controls altogether. In an era of ‘zero trust’ and constant cyber threat, the idea that poorly vetted software updates can cascade across global networks should have triggered urgent reform, but all too quickly we move on and it becomes yesterday’s news.”

Peter King, principal consultant at Acumen Cyber, thinks planning for incidents is vital:

While the incident wasn’t malicious, it did provide some important lessons for organizations in cyber.

Incident response planning is essential in helping organizations rehearse their response to attacks and support recovery efforts. Furthermore, transparency is crucial in the wake of breaches, as this allows organizations to take effective mitigation steps quickly.

While the event was a hard-earned lesson that no one wanted, the biggest mistake we can make today is not taking these learnings and using them to make tangible improvements to our cyber and digital resilience moving forward.

Were you affected by CrowdStrike? What steps has your organization taken since? Let us know in the comments.

Image credit: rafapress/depositphotos.com

© 1998-2025 BetaNews, Inc. All Rights Reserved.