Crowd Strike - This Got Me Thinking

welcome back to another episode of cappuccino chat this time we're talking about the crowd strike incident and well it got me thinking okay this time we're talking about the crowd strike incident that happened in July and it kind of got me thinking about things so first if you weren't aware of the crowd strike issue or maybe you didn't understand some of the outages that you may have experienced because of it it was a Enterprise grade security product uh that's used by uh a lot of Enterprise businesses like Airlines uh the federal government those kinds of things and I know some of the big parts that were affected were the airlines matter of fact Delta was the most affected by it so what this was caused by was a bad update in the program caused the computers to experience a blue screen of death and not fully booted up so they would not turn on users couldn't use them this happened to Millions of devices 8.5 million to be exact around the world were affected because of this bad update now even if you weren't directly affected because you didn't have the crowd strike program installed which most small to medium-sized businesses do not again it is an Enterprise great uh product you may have been inadvertently affected by it I.E flying on the airlines or trying to make a reservation or in my instance uh we came in that morning and uh we heard some uh beeping out in our warehouse well come to find out that beeping was uh in the electrical room for our building and it ended up being the fire control panel and the reason it was beeping is because that panel couldn't communicate to the monitoring service because the monitoring service systems were down due to the crowd strike issue so we were inadvertently affected to it so two things happened uh that kind of got me thinking one you and your employees don't have to be the one that cause these types of issues right so our instance it was a vendor or a third party that caused this thing the other one was is how do businesses respond when something like this happens a bad update could be a bad Microsoft Patch uh could be your QuickBooks uh P update fails and causes it to become unstable and unusable those types of things so what happened so now my first point is more uh as far as your employees and you don't need to do anything wrong to cause these issues um is just to make everybody aware again multiple layers of security multiple layers of protection are what's really truly needed um in a cyber security framework but I want to spend more time on number two and that's how do businesses respond now we've talked about disaster recovery plans before and that's more about uh flood fire earthquake those types of things in a disaster what happens and even those disasters could be just the fact that the server doesn't turn on that's typically when we're talking about Disaster Recovery plans is the server Andor the entire building is gone uh and unusable this is more of an incident response plan that needs to be done and most people haven't ever heard of this Andor ever considered creating one and an incident doesn't need to mean to me be a disaster I.E in this case um nothing you know catastrophic caused it the building was still standing there was no fire no flood no earthquake uh the server would turn on it's just because of the bad update you were stuck so this is more of a cyber incident response right that we need to talk about so what would you do what would your business do in a case like this and it doesn't even to be this case like I mentioned QuickBooks let's say QuickBooks gets a bad update and is no longer stable what is the plan what is the thought process that goes in who is affected what do you do type of thing in an incident response plan the biggest thing with these incident response plans is you can't ever think of every variable even in a disaster recovery plan you can't think of every variable that may happen but you have a general plan so so that employees know how to react what to do so if your employees come in before you do in the morning and something like this had happened and all the computers wouldn't boot they all had a blue screen to death would your employees know what to do in your plan who do they contact first second third those types of things that's really what we want to uh think about that's really what you need to kind of put down uh communicate to your employees maybe put it in a binder at your office so if something ever happens it is there and again this isn't just about your computer systems this could be uh your phones your credit card terminals your POS stations uh the building alarm the fire alarm like it happened with us what what needs to happen when this kind of incident takes place what how do we communicate Do We Gather in a certain spot um so again if it was was some type of uh danger issue um what what do they do what's the what's the response during this type of incident so that you can ensure that your employees your business and your clients remain safe and protected uh as much as possible so if you don't have one written down uh discussed and even practiced with your employees uh I recommend your next executive meeting you kind of bring this up this incident response plan which people may or may not have heard about about and just start thinking it through so that in certain instances if there is a incident what is the process in which your employees and you are going to follow is it hey if the computers won't boot won't do this you just call you just call Matt over at Southwest networks you call them open a ticket and they will respond appropriately for you to the issue that's great but again that just handles your computer systems not other things we may not be doing your phones your alarms your security cameras your fire control stuff other items at your building if there is a incident what are the points of action that need to be handled and by whom do those things need to be done so if like always if you have any questions about this you'd like some guidance like to talk a little this through a little bit please give me a call 760 77052 Z