CrowdStrike Fallout Underscores How Single Point of Failure Technologies Create Widespread Disruption, Says CyberCube
July 22, 2024 - 4:00PM
Business Wire (English)
The faulty CrowdStrike Falcon Sensor update and subsequent
outage – the CrowdOut Event – underscore the potential for Single
Point of Failure (SPoF) technology outages to impact the global
digital economy. CyberCube is advising clients on how to use SPoF
Intelligence to identify exposed insureds and estimate the exposure
footprint of the event. SPoF Intelligence is the definitive source
for analyzing a portfolio's digital supply chain, integrated with
the industry's leading cyber model.
This press release features multimedia. View
the full release here:
https://www.businesswire.com/news/home/20240722503684/en/
Impact funnel diagram showing the impact
of the CrowdOut event. (Graphic: Business Wire)
What Happened?
A global IT system outage was triggered by a faulty software
update from CrowdStrike, causing widespread disruptions across
various Windows operating system (OS) types. The issue originated
from a defective kernel driver included in the update, which led to
numerous systems crashing globally and displaying the “Blue Screen
of Death” (BSoD).
The issue began with a CrowdStrike update that was intended to
enhance security but inadvertently included a logic error in a
configuration file. Invalid operations caused by the logic error
led to the OS encountering conditions it cannot resolve. This
resulted in system crashes, manifesting as the BSoD. The BSoD is a
protective measure to prevent further damage to the OS by stopping
all operations.
Who Is Impacted?
The faulty update affects companies using CrowdStrike’s Falcon
software on machines running Windows OS, both desktop (including
Windows 10 and 11) and Windows Server. These are the primary
companies affected by the event. With its global position in
cybersecurity, CrowdStrike’s own customer base includes many other
organizations that CyberCube identifies as SPoFs. Companies relying
on one of these SPoFs may be secondary victims of the event, even
if they do not use CrowdStrike and Windows directly. Additionally,
CrowdStrike Falcon is deployed by managed security service
providers (MSSPs) on the networks of other – typically smaller –
organizations they oversee. These organizations using such MSSPs
are also secondary victims of the event. Notably, financial
institutions, healthcare providers, and transportation networks
have all experienced disruptions.
Applying the SPoF Intelligence tool to search for insureds that
are dependent on CrowdStrike Falcon shows it is likely that all
users of the core components of the CrowdStrike Falcon platform in
conjunction with Windows OS are impacted. Analysis of the count of
companies exposed across CyberCube’s US Industry Exposure Database
(IED) identifies large companies in Manufacturing, IT, Healthcare,
and Financials as the most likely to be exposed. Examination of
exposed limits shows an outsize exposure in the Aviation, Banking,
and Retail sectors.
CyberCube has provided clients with a list of SPoFs that are
dependent both on CrowdStrike Falcon and Windows OS. The outage
affects various versions of Windows operating systems. This broad
scope means that any organization or individual using these
operating systems alongside CrowdStrike Falcon is at risk of
experiencing system crashes and operational disruptions.
Catastrophic Loss Modeling
The primary impacts of the CrowdOut Event closely resemble two
scenarios in CyberCube’s Portfolio Manager aggregation model.
Modeling scenario classes 41 (operating system disruptions on
endpoints) and 42 (operating system disruptions on servers) within
CyberCube’s event catalog show the CrowdOut Event to be mainly a
system failure or business interruption (BI) event.
Customers may experience secondary impacts by way of additional
SPoFs that fall within this primary footprint. SPoFs for scenario
classes 4, 9, 10, 11, and 18 (mainly related to financial services
and payment system technologies) have been observed as users of
CrowdStrike and Windows operating systems, exposing companies that
rely on these SPoFs to possible contingent business interruption
(CBI) outages.
What To Expect?
Affected organizations can expect a series of remediation and
recovery efforts to take place immediately. Companies with the IT
resources to handle large-scale incidents are expected to recover
faster. There may be ongoing disruptions as companies implement
patches and verify their systems' stability. Rolling back the
update and applying patches requires specialized knowledge. For
small and medium-sized companies, a lack of access to IT staff
could delay the remediation process. Companies lacking robust
contingency or IT backup plans could also face additional
disruptions.
CyberCube Support
CyberCube's Cyber Aggregation Event Response Service (CAERS) has
been activated as a result of the CrowdStrike event. CAERS provides
up-to-date intelligence on major cyber catastrophes worldwide as
they unfold to ensure CyberCube clients have the most relevant
information. CyberCube will continue to monitor this developing
event and provide support for customers in calculating the impact
on their own cyber insurance portfolios.
About CyberCube
CyberCube is the leading provider of software-as-a-service cyber
risk analytics to quantify cyber risk in financial terms. Driven by
data and informed by insight, we have harnessed the power of
artificial intelligence to supplement our multi-disciplinary team.
Our clients rely on our solutions to make informed decisions about
managing and transferring cyber risks. We unpack complex cyber
threats into clear, actionable strategies, translating cyber risk
into financial impact on businesses, markets, and society as a
whole.
The CyberCube platform was established in 2015 within Symantec
and now operates as a standalone company. Our models are built on
an unparalleled ecosystem of data and validated by extensive model
calibration, internally and externally. CyberCube is the leader in
cyber risk quantification for the insurance industry, serving over
100 insurance institutions globally. The company’s investors
include Forgepoint Capital, HSCM Bermuda and Morgan Stanley
Tactical Value. For more information, please visit www.cybcube.com
or email info@cybcube.com.
Yvette Essen, Head of Content, Communications & Creative,
yvettee@cybcube.com