The $5.4 Billion Outage

On July 19, 2024, Fortune 500 companies experienced a shocking $5.4 billion loss, with about 25% of them directly impacted. The most affected sectors were airlines, healthcare, and banking, with insured losses ranging between $0.5 billion and $1 billion. What caused this massive disruption? A recent CrowdStrike outage.

This Outage, triggered by a DNS configuration error, was a wake-up call for businesses relying heavily on third-party vendors for cybersecurity solutions. What initially seemed like a minor technical issue quickly escalated into a major disruption, leaving companies without access to the critical tools they need for operations. The consequences were immediate and significant. For example, several airlines faced severe operational challenges, leading to flight delays and cancellations. In some cases, airport staff had to revert to manual boarding processes, causing longer wait times and increasing traveler frustration.

The impact didn’t end there. Thousands of retail businesses were also affected. Retailers were not able to operate fully, process payments, and manage sales. Some stores were forced to temporarily close or switch to cash-only transactions, inconveniencing customers and hurting sales. Financial institutions were also affected, with some reporting delays in processing transactions.

This incident underscores a crucial point: your organization’s security is only as strong as the third party you trust.

Is your Business Really Protected from CrowdStrike Vulnerabilities?

The Outage highlighted a critical gap in many companies’ risk management strategies: the need for continuous and thorough risk assessment of third-party vendors. When your business relies on external vendors that use CrowdStrike for essential cybersecurity services, you’re placing significant trust in their systems, processes, and crisis response capabilities. However, as this incident clearly demonstrated, even a small error on their part can lead to widespread disruptions that affect not just IT systems but entire business operations.

This is why conducting a comprehensive third-party risk assessment is not just best practice but an absolute necessity. It’s about more than just keeping your systems running; it’s about ensuring your business can continue to operate smoothly, even when your vendors face challenges. Your reputation and bottom line depend on it.

To help you address this critical need, we’re starting a four-part series to help you tackle these challenges and strengthen your approach to managing third-party risks and incident responses:

• Assessment: (This is where you are now). We’ve included a practical questionnaire to help you assess and monitor third-party risks using integrated risk management tools.
• Preparation: Next, we’ll Learn how to build and manage incident response plans, similar to the Third-Party Incident Response Strategy Guide and the NIST Checklist, ensuring your organization is fully prepared for potential security breaches.
• Immediate Action: After that, we’ll guide you through the critical first 24 hours after a security incident, helping your organization respond effectively.
• Automation: Finally, we’ll explore how IBM OpenPages’ automation features can make risk assessments, compliance checks, and incident management smoother and more efficient.

So, let’s begin with the first part of the series.

CrowdStrike Vendor Risk Assessment Questionnaire

Here, we are sharing a specialized CrowdStrike Vendor Risk Assessment Questionnaire. This set of questions is designed to help your organization quickly assess the impact of the recent Outage on your third-party vendors and understand their response strategies. By using this assessment, you can gain immediate insights into your vendors’ vulnerabilities and their readiness to handle such incidents in the future.

1. Does your organization use CrowdStrike Falcon Sensor NGAV and EDR products?

• Yes
• No

Next Steps:

• If Yes: Regularly review CrowdStrike’s security measures and update your contingency plans. Ensure you have robust backup solutions to handle potential disruptions.
• If No: Evaluate the security measures of other third-party vendors, you rely on. Conduct a risk assessment to ensure they have strong incident response plans.

2. How significant was the impact of the outage on your systems?

• Significant Impact
• High Impact
• Low Impact
• No Impact

Next Steps:

• If Significant Impact: Immediately enhance your incident response strategies. Collaborate with your vendors to strengthen their incident management capabilities.
• If High Impact: Review and bolster your current incident response plans. Ensure your vendors are prepared to handle disruptions effectively.
• If Low Impact: Continue improving your response strategies. Focus on addressing any weaknesses that were revealed during the incident.
• If No Impact: Maintain your existing practices, but review and update them regularly to ensure continued protection.

3. Does your organization have backup systems in place?

• Yes
• No
• N/A

Next Steps:

• If Yes: Regularly test and refine your backup systems to ensure they function well during disruptions.
• If No: Develop and implement backup systems immediately. Identify critical areas that require protection.
• If N/A: Consider whether your operations would benefit from backup systems and plan accordingly.

4. Has your organization implemented CrowdStrike’s recommended recovery steps?

• Yes
• No

Next Steps:

• If Yes: Keep your recovery procedures updated. Ensure your team is well-trained on these steps.
• If No: Implement the recovery steps as soon as possible. If needed, seek assistance to secure your systems.

5. Do you have a designated point of contact for cybersecurity issues?

• Yes
• No

Next Steps:

• If Yes: Make sure the contact information is up-to-date and that all relevant staff know who to reach out to in case of an incident.
• If No: Assign a cybersecurity point of contact immediately. Ensure their contact details are communicated to your team.

By addressing these questions, you are taking proactive steps to ensure that your relationship with CrowdStrike, and any other third-party vendor, is secure and resilient.

Conclusion

The recent CrowdStrike outage underscores the critical importance of thoroughly assessing your third-party vendors. At iTech GRC, as an IBM OpenPages partner, we’re committed to helping you effectively manage these risks.

IBM OpenPages simplifies this process with its Automated Questionnaire Distribution and Follow-ups feature. This tool automates the distribution of questionnaires, collects vendor responses, and handles all follow-ups, allowing you to focus on what truly matters. To learn how this feature has benefited one of our clients, we invite you to explore our detailed case study.

Do check Part 2, where we’ll guide you through building a robust incident response plan.

If you have any questions or thoughts about these questionnaires or third-party risk assessments, get in touch with us.