Cyber resilience and agility in a complex landscape

Technological advancements and their business adoption are accelerating rapidly, making it increasingly challenging for companies to remain resilient and relevant, and to comply with complex regulations. 
 
To be resilient is to have the ability to withstand and recover quickly from difficulties. In our interconnected world, cybersecurity resilience is critical not only for large enterprises but also for small and medium-sized businesses, which rely heavily on their entire value chain, including reliable software and a secure IT infrastructure.
 
As cyberattacks grow in sophistication and frequency, maintaining operations, protecting sensitive data, and rapidly recovering from disruptions in an increasingly complex digital landscape become essential. Resilient cybersecurity practices not only safeguard an organization’s assets but also help maintain trust with customers and partners, enabling long-term stability and compliance. In a world where the unexpected can happen at any moment, resilience forms the foundation of effective cybersecurity. 

Too many eggs in one basket

On Friday, July 19th, employees in organizations all over the world experienced the infamous Blue Screen of Death after a faulty update released by CrowdStrike for its Falcon software. A flawed kernel configuration file led to affected Windows systems crashing during boot and becoming inoperable. Interestingly, only Windows systems were affected because Falcon’s implementation on Windows requires deeper kernel integration to fully utilize its security functions. Linux and macOS versions of Falcon are designed differently and do not rely on such extensive kernel integration, which protected them from this error. This incident showed how deeply integrated security software can cause problems if not correctly configured, and how vulnerable companies can be if they rely too heavily on a single provider and fail to adequately protect their supply chain.

Aviation sector chaos

One of the most visible impacts was in the aviation sector, where over 5,000 commercial flights were cancelled globally. Airlines depend on integrated IT systems for flight planning, ticketing, and in-flight operations, all of which were disrupted by the update. This chaos underscored the necessity of a resilient IT infrastructure to maintain the continuity of critical services and highlighted how essential it is for companies to build resilience into their operations to quickly recover from such disruptions. While aviation was one of the most visibly affected, many organizations across sectors such as financials, utilities, healthcare, and manufacturing were also impacted – both in apparent ways and in ways that went largely unnoticed by the public eye.

$5.4 billion in financial losses

The financial impact of the CrowdStrike incident was substantial. Fortune 500 companies in the US, excluding Microsoft, estimated their losses at around 5.4 billion dollars. These losses stemmed from downtime, lost productivity, and the significant costs of recovery and mitigation efforts. However, the impact was not limited to the US; companies worldwide faced similar disruptions and financial losses, highlighting the global reliance on key cybersecurity providers. This incident illustrates the critical importance of resilience in ensuring that businesses can maintain operations and minimize financial losses during unforeseen events. 

What happens when a trusted provider fails?

The CrowdStrike incident is estimated to have affected 8.5 million computers worldwide. The catastrophic outage is reminiscent of the SolarWinds supply chain incident in 2020, where a software update also led to widespread security issues. Both cases highlight the risks associated with dependence on external software vendors, and despite lessons from previous incidents, measures to improve Third-Party Risk Management (TPRM) and resilience planning still require great attention.

How do you minimize the impact of third-party risks?

Agility and robustness are key characteristics for resilience, but how do you balance maintaining a tried, tested, and mature defence against both expected and unexpected threats while preserving agility? It is a delicate task, as each change to your security setup introduces potential vulnerabilities. However, there are several preventive and reactive measures organizations can consider to reduce the impact of supply chain incidents. Some examples are: 

  • Business Continuity Planning and Management are essential activities for recovering quickly and efficiently from incidents and continuing operations. Decisions on who does what, and how, should be defined, documented, reviewed and tested regularly, to help ensure that responsible and supporting employees are capable and well-prepared in carrying out their tasks.
  • Evaluate classic risk management capabilities for maturity throughout the risk management lifecycle, from risk identification, analysis, and prioritization to mitigation and monitoring.
  • Identify Crown Jewels in alignment with the overall business strategy to understand revenue-generating data and assets, prioritize efforts, and minimize downtime during an incident.
  • Implement automation tools. As the attack surface is growing rapidly and the barrier to entry for adversaries is constantly lowering, manual intervention and configuration must be minimized. Concepts such as Continuous Threat Exposure Management (CTEM) aim to automate detection, patching, and scaling, to enable continuous monitoring and prioritization of risks.
  • Reasonably diversify the supplier landscape and embed multi-vendor strategies to reduce dependencies on single vendors, ensuring that if one fails, others can continue to support operations.

The ability to react expeditiously when incidents occur will not only help maintain cash flow but also instil stakeholder confidence and foster a positive public reputation. It can only be achieved through careful continuity planning.

How can Eraneos help?

At Eraneos, we have the capabilities and experts needed to help your organization strengthen its resilience strategy and governance through advisory and technical implementation services tailored to your specific context. Eraneos has almost 40 years of experience and is one of the leading Swiss IT consulting firms. It takes pride in understanding clients’ needs and building fit-for-purpose solutions.

Kristian Hadsbjerg

Risk Management and Resilience Lead

+41 58 123 93 36
