Cybersecurity lessons and best practice in the wake of the CrowdStrike outage
The recent CrowdStrike outage has indeed brought to light several critical lessons and best practices for the cybersecurity industry. Here are some key takeaways and recommendations for organizations to bolster their cybersecurity posture in the wake of such incidents:
Key Lessons and Best Practices
- Collaborative Approach to Software Testing and Deployment:
- Deployment Alliance: Establishing a collaborative alliance where vendors adhere to best-practice methodologies for software testing can mitigate the risk of widespread outages. This approach can include a signing authority to validate procedures, ensuring alignment with global best practices.
- Vendor Accountability: Vendors must be transparent and accountable for their software updates. This includes thorough testing and validation before deployment to prevent disruptions.
- Regulatory Compliance and Frameworks:
- Cybersecurity Framework (CSF) Compliance: Organizations should align their cybersecurity practices with frameworks like the 2024 Cybersecurity Framework (CSF) from the US National Institute for Standards and Technology. This framework provides guidelines on governance, risk management, and supply chain security.
- PCI-DSS Compliance: For organizations handling payment data, adherence to the Payment Card Industry Data Security Standard (PCI-DSS) is crucial to maintaining high security levels.
- Local Regulations: Complying with local regulations such as the South African Reserve Bank’s updated cybersecurity and cyber resilience standards is essential. These standards focus on digitization, financial technology, and associated risks.
- Top-Down Cybersecurity Buy-In:
- Leadership Involvement: Cybersecurity must be a priority at the board and C-suite levels. A top-down approach ensures that cybersecurity becomes integral to the company’s culture and operations.
- Unified Strategy: A well-managed and unified approach to cybersecurity makes it harder for attackers to find vulnerabilities.
- Employee Training and Awareness:
- Phishing Awareness: Since a significant portion of cyberattacks result from staff negligence, continuous training on recognizing and avoiding phishing emails is critical.
- Gamification and Incentives: Using gamification and incentivization can enhance employee engagement and participation in cybersecurity training programs.
- Advanced Technology and Secure Data Centers:
- Up-to-Date Technology: Investing in the latest cybersecurity technologies is vital for protecting against evolving threats.
- Secure Data Centers: Data centers should have immutable storage, disaster recovery solutions, and undergo regular penetration testing to identify and mitigate vulnerabilities.
- Infrastructure Automation and Recovery Capabilities:
- Automation: Automating infrastructure and recovery procedures can minimize the impact of outages and ensure quick recovery.
- Rollback and Regression Testing: Regularly testing rollback and regression capabilities ensures that systems can be restored to a previous stable state if needed.
- Indemnification Clauses:
- Business Interruption Indemnification: Organizations should include indemnification clauses in their contracts with software vendors to cover business interruptions caused by faulty updates.
By implementing these lessons and best practices, organizations can enhance their cybersecurity resilience, mitigate risks, and ensure continuity in the face of potential disruptions like the CrowdStrike outage.