eSudo.com

Crowdstrike and Windows Outage Lessons Learned

The recent Crowdstrike Windows Updates outage offers crucial takeaways for enhancing our preparedness against similar incidents. Although not caused by ransomware or a cyberattack, the impact mirrored such events with significant downtime, lost productivity, and revenue.

Incident Recap

Crowdstrike, a leader in the endpoint detection and response (EDR) sector, experienced a major issue on July 19. A faulty update led to the infamous “blue screen of death” (BSoD) on Windows PCs and Servers, rendering them inoperable.

When a device encounters a BSoD, it cannot start or connect to the internet, essentially becoming “bricked.” Resolving this issue necessitates a technician or system administrator physically accessing the machine. This is especially challenging in a remote work environment, requiring either the device to be brought to the office or a technician to visit.

Tackling BitLocker Encryption

The next hurdle involves BitLocker encryption, which secures data on most Windows devices. Before the technician can repair the machine, the encrypted drive must be unlocked with its recovery key, a long key that is not memorised by anyone. Locating this key involves identifying the computer's name and model and retrieving it from a secure database, either the Active Directory Domain Controller or Microsoft 365 Azure Entra ID. If the company's server is also affected, recovery takes even longer.

Once the drive is unlocked, the technician can use a USB recovery toolkit or boot in safe mode to edit the registry and restart the device.

TIP: Make sure your BitLocker recovery keys are stored and accessible in a secure location that you can reach in an emergency, including when your own servers are down.


Planning and Preparation

This incident underscores the necessity of planning and preparation. Small businesses, in particular, face additional challenges with remote and geographically dispersed staff. Yet, every business must recognize the critical need for robust incident response plans. Technology dependency is universal, and so are the associated risks, which are continually evolving.

Microsoft estimated that 8.5 million Windows machines were affected by this outage, potentially costing billions globally and taking weeks to fully resolve.

Take Action

This event is a stark reminder to develop, implement, and regularly test an incident response plan. It's not a matter of if but when the next technical outage will occur, whether due to human error, disgruntled employees, or cyberattacks. While there is no one-size-fits-all answer for every company, if you are a small business with employees and customers, consider the following actions you can take today:

  • Roll out software updates in stages – test the updates on a select number of devices before deploying them to the entire company. Work with your IT team to do this.
  • Ensure your data, both local files and cloud applications, is backed up regularly, and test the backups by restoring from them.
  • Confirm your BitLocker recovery keys are backed up for your Windows computers and accessible by the authorized individual or IT team.
  • Plan regular tabletop exercises for these security incidents with your team, so everyone knows what to do when they happen.
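The BitLocker tip above and the recovery-key item in this checklist both come down to one question: does every encrypted volume on each Windows PC have a recovery password, and is that password escrowed somewhere you can reach when the PC itself will not boot? The following PowerShell script is an added example written for this article; it is not eSudo's tooling or Microsoft-provided code. It uses the built-in BitLocker module (Get-BitLockerVolume, Add-BitLockerKeyProtector, Backup-BitLockerKeyProtector, BackupToAAD-BitLockerKeyProtector) and assumes it is run from an elevated PowerShell session on the endpoint. For -Target AD it assumes a domain-joined machine with the Group Policy "Store BitLocker recovery information in Active Directory Domain Services" enabled; for -Target EntraID it assumes an Entra-joined or hybrid-joined machine. The parameter names and the report layout are this example's own choices.

```powershell
# Added example (not from the original post): audit every BitLocker volume on
# this machine, make sure a recovery-password protector exists, and escrow it
# to Active Directory or Entra ID so it can be retrieved when the PC is down.
#Requires -RunAsAdministrator
#Requires -Modules BitLocker
[CmdletBinding()]
param(
    # Where to escrow the recovery password (assumed parameter, see lead-in).
    [ValidateSet('AD', 'EntraID')]
    [string]$Target = 'EntraID',

    # List the current state without adding or escrowing anything.
    [switch]$ReportOnly
)

$report = foreach ($vol in Get-BitLockerVolume) {

    # A volume that is not encrypted has no key to escrow; just report it.
    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        [pscustomobject]@{
            MountPoint         = $vol.MountPoint
            Protection         = $vol.ProtectionStatus
            RecoveryProtectors = 0
            Action             = 'not encrypted'
        }
        continue
    }

    # Only RecoveryPassword protectors can be typed in at the pre-boot prompt;
    # TPM or TPM+PIN protectors do not help a technician at the console.
    $rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')

    if ($rp.Count -eq 0 -and -not $ReportOnly) {
        # No recovery password at all: add one, then re-read the protector list.
        Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector | Out-Null
        $rp = @((Get-BitLockerVolume -MountPoint $vol.MountPoint).KeyProtector |
                Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }

    $action = 'report only'
    if (-not $ReportOnly) {
        foreach ($p in $rp) {
            try {
                if ($Target -eq 'AD') {
                    # Writes the password to the computer object in AD DS.
                    Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                        -KeyProtectorId $p.KeyProtectorId | Out-Null
                }
                else {
                    # Writes the password to the device record in Entra ID.
                    BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                        -KeyProtectorId $p.KeyProtectorId | Out-Null
                }
                $action = "escrowed to $Target"
            }
            catch {
                # Typical causes: policy not enabled, machine not joined, no network.
                $action = "escrow FAILED: $($_.Exception.Message)"
            }
        }
    }

    [pscustomobject]@{
        MountPoint         = $vol.MountPoint
        Protection         = $vol.ProtectionStatus
        RecoveryProtectors = $rp.Count
        Action             = $action
    }
}

# One row per volume. Anything with RecoveryProtectors = 0 or an
# 'escrow FAILED' action needs attention before the next outage, not during it.
$report | Format-Table -AutoSize
```

Run it first with -ReportOnly to see where you stand, then without the switch to add and escrow missing recovery passwords. The escrow cmdlets report success when the write was accepted, not that someone can actually find the key later, so close the loop by looking the machine up where your technicians will look during an incident: the BitLocker Recovery tab of the computer object in Active Directory Users and Computers, or the device's BitLocker keys page in the Microsoft Entra admin center. If that lookup depends on a server that would go down in the same incident, keep an exported copy of the keys in a second secure location as well.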


Dedicated to keeping your IT systems running and secure (KISS). If you would like to learn more, contact one of our technology specialists at eSudo.com/booking for a free consultation, or follow me for future updates on cybersecurity and IT discussion.


Our IT support and Help Desk team can provide live answers by phone, email, and remote assistance. We offer a range of computer services and IT support, helping with hardware, software, and how-to issues so your staff can continue to get work done.

Learn More – IT Help Desk & Device Management

This service includes ongoing security overwatch for your business, including vulnerability scanning and software updates, next-gen anti-virus and anti-malware protection, follow-me firewall, security awareness training for employees, and data backup protection from ransomware. We also specialize in data recovery, ensuring your critical information is safe and retrievable.

Learn More – Advanced Cyber Protection

We can provide various services regarding Microsoft 365 and cloud-related items. They include migration from other email services (GoDaddy, Google Workspace, Intermedia, POP3) to Microsoft 365, hardening email and cloud storage, or software license management. We also provide Azure services, such as virtual machines or virtual desktops, and management services to help businesses monitor and manage their IT infrastructure. Additionally, we offer expertise in developing and maintaining network infrastructure to ensure reliable connectivity.

Learn more about Cloud Services.

If you are considering a new phone system, a VoIP phone system is an excellent option compared to using a personal cell phone or traditional landline because it is more flexible and saves time and money. We offer competitive prices and better customer service than larger providers like RingCentral, Comcast, AT&T, or 8×8 because we focus on small businesses. We can also migrate your phone systems to our managed phone services, where you have live support and a cost-effective, enterprise-class solution that's easy to use and manage. Our security solutions provide confidence by protecting your business from digital threats.

Learn More – Phone Systems

One of the biggest threats to your business is the risk of losing your data. We recommend backing up your data on your servers, computers, and cloud applications such as Microsoft 365 Email, SharePoint, OneDrive, and QuickBooks. Support companies like ours offer reliable support services to ensure your data is always protected.

Look for a backup solution that stores your files offsite and is "immutable", so you can restore your files after accidental deletion, theft, fire or human error, and, importantly, after an attacker holds your data for ransom. Immutable backup means attackers or cyber criminals cannot delete or alter the data stored in the cloud or offsite, so a restore point remains even when the attacker has full control of your network. Our technical support team is ready to assist with any issues that arise, ensuring your data is safe and your systems are running smoothly.

Learn More – Online Backup