Is My Data Safe? - Lessons to Learn from the CrowdStrike Outage
August 16, 2024

A Major IT Outage: What Happened?


On July 19, 2024, a significant IT outage disrupted services worldwide. Banks, healthcare facilities, emergency services, and payment systems faced interruptions, causing widespread business closures and even flight cancellations. This global incident left many travelers stranded and businesses scrambling to restore operations. 


What is CrowdStrike? 


CrowdStrike is a leading American cybersecurity company specialising in software to monitor and detect cyber threats. Their flagship product, Falcon EDR (Endpoint Detection and Response), acts like a powerful antivirus tool. It detects and mitigates security threats, alerting of potential hackers. 

 

During a recent update, it caused many computers to crash, resulting in the infamous Blue Screen of Death (BSOD) on Windows systems. Given that Microsoft systems constitute about 70% of desktop operating systems worldwide, the effects of this outage were extensive, impacting millions globally. *


Is My Computer Safe? 


The good news is that CrowdStrike's products are primarily used by organisations, not individual home users. If you are using regular antivirus and anti-malware programs, you would not have been affected by this outage. However, it raises an important question: what can I do to prepare for future outages? 

Lessons Learned for Businesses 


1. Review Redundancy and Single Point Failures 


  • Relying on a Single Source: If your organisation depends heavily on one cybersecurity provider, it can be risky when things go wrong. 
  • Diversify Your Vendors: By using multiple service providers, you reduce the impact of any one service experiencing issues. 
  • Redundant Security Measures: Always have backup security solutions ready to deploy during outages. 

 

2. Enhance Incident Response 

 

  • Effective Plans: A well-prepared incident response plan can greatly reduce the impact of outages. When was the last time you tested yours? 
  • Scenario Planning: Ensure your incident response plans cover various disruption scenarios. 
  • Communication Plans: Clear communication is crucial during outages. What will your messaging be? 

 

3. Employee Training 

 

  • Build a Culture of Resilience: The Australian Cybersecurity Center (ACSC) reported that during the outage, malicious websites and unofficial code attempted to exploit the situation; training staff to recognise these risks is essential.** 
  • Handle Disruptions: Well-trained employees can better manage disruptions and outages. 
  • Regular Drills: Conduct regular training sessions and simulated drills to ensure your team is prepared to handle real incidents efficiently. This includes recognising phishing attempts and social engineering attacks that often follow major disruptions. 

 

4. Organisational Resilience 

 

  • The recent CrowdStrike outage was not caused by a cyber-attack, but it serves as a valuable learning opportunity. You can use this experience to strengthen your business culture of resilience and improve your preparedness for future incidents. The ability to maintain and quickly recover normal operations during a disaster is crucial. 

Lessons Learned for Individuals 


As a reminder to remain vigilant, and as noted by the ACSC, unofficial websites and sources of help were released to take advantage of the CrowdStrike incident**, here are some essential tips to keep in mind: 

 

1. Exercise Caution with Unsolicited Communications: 


Be extra cautious if your primary security tool is down. Always be skeptical of unsolicited messages that ask for personal information or urge you to act quickly. Avoid clicking on suspicious links and directly verify any requests for personal information or payments. 

 

2. Have a recovery plan and backup your data:

 

Ensure your important files are backed up so that you are not reliant on a single source. In the event an outage occurs prepare a recovery plan. 

 

3. Verify the Source: 


During worldly events, if you receive a suspicious call or message, verify the caller’s identity. Be aware of tools like voice cloning and number spoofing that make calls appear legitimate. If in doubt, hang up and contact the entity directly. 

 

4. Secure Your Information:


Use strong, unique passwords for all your accounts and consider a password manager. Enable multi-factor authentication to increase security. 

 

5. Monitor and report Suspicious Activity: 


Regularly check bank and other sensitive accounts for unauthorised transactions and alerts. Report suspicious activity to relevant organisations immediately. If you suspect a cyber-attack, report it to https://www.cyber.gov.au/ 

We’re Here to Help 


Cyber-attacks and scams will always be prevalent in the online world, but by working together and being prepared, we can help detect and prevent suspicious activity. If you think you’ve been a victim of a scam or are worried about the security of your accounts, email us at csg@melbcdf.org.au or phone 1800 134 135. 



Reference 

* https://news.sky.com/story/microsoft-has-serious-questions-to-answer-after-what-could-be-the-biggest-it-outage-in-history-13180962 

** https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/widespread-outages-relating-crowdstrike-software-update 

Share this article:

Related articles

Saint Ignatius College, Geelong embraces the flame and follows the footsteps of Mary MacKillop with the opening of a new senior learning centre

By Seth Khouri August 9, 2024
On the third floor of the MacKillop Senior Centre at Saint Ignatius College Drysdale, on the Bellarine Peninsula, a small group of students take up positions in a comfortable alcove outside the main classrooms. Some pull tables together and spread-out folders and books, others face each other in pairs in animated discussion, while others work in contented independence on their laptops. The centre, completed in March 2024, and its many well-designed informal and formal learning spaces, is part of a broader vision that helps achieve the college’s mission to provide the best quality co-educational Catholic education in the Geelong region. “It’s a beacon of opportunity and collaboration”, says College Principal Michael Exton.

Celebrating Unity and Culture: 2024 CDF Wardandi Gift

By Michelle Ross-FitzGerald July 9, 2024
At the heart of the vibrant South West region of Western Australia, a special event unfolded on May 9, 2024, that showcased the beauty of unity, culture, and community spirit. St Mary’s Catholic Primary School in Bunbury emerged victorious in the CDF Wardandi Gift, held on the grounds of Bunbury Catholic College . Created in 2023 to celebrate Bunbury Catholic College’s 50th anniversary, this year’s event was a wonderful culmination of hard work by college event coordinator Michael Chappel and Indigenous Student Coordinator Tobie Watson. The CDF Wardandi Gift was more than just a relay race. It was a celebration that brought together approximately 200 students from five primary schools: St Mary’s and St Joseph’s Catholic Primary Schools in Bunbury , Our Lady of Lourdes Primary School in Dardanup , St Mary’s Primary School in Donnybrook , and Djidi Djidi Aboriginal School in Bunbury . These schools gathered on Albert Oval for a day filled with activities that honored Aboriginal culture. The event was not just a celebration of culture, but also a reflection of Catholic values. It emphasised the importance of community, respect, and inclusivity, core tenets of our faith. As Pope Francis often reminds us , "The Church is a community of those who have encountered Jesus Christ and have made a commitment to follow him." The CDF Wardandi Gift embodied this spirit of community and commitment. It was a day where many came together to honor the rich cultural heritage of our Aboriginal brothers and sisters, recognising the divine presence in every culture and tradition.

Fostering Community, Faith and Excellence in Arts at St Patrick’s College, Ballarat

By Michelle Ross-FitzGerald June 26, 2024
A long-held dream to have a dedicated space fostering community, faith and excellence in the arts has been realised at St Patrick’s College Ballarat in regional Victoria. The College officially opened its state-of-the-art Performing Arts Centre on Monday 29 April 2024, heralding a vibrant new chapter of education at the College. The $20 million facility was brought to fruition with the financial support of CDF. A partnership between St Patrick’s College and CDF that is rooted in shared values and a vision for holistic education. St Patrick’s College Business Manager, Andrew Jirik said the new Performing Arts Centre, which features an 800-seat auditorium with cutting-edge theatre and AV technologies, Black Box Theatre, Ensemble, Percussion and Band Rooms, and five individual tuition studios, represented the single biggest investment in the arts in the College’s history.
More

CDPF Limited, a company established by the Australian Catholic Bishops Conference, has indemnified the Catholic Development Fund ABN 15 274 943 760 (the Fund) against any liability arising out of a claim by investors in the Fund. In practice, this means your investment is backed by the assets of the Catholic Archdiocese of Melbourne. The Fund is required by law to make the following disclosure. Investment in the Fund is only intended to attract investors whose primary purpose for making their investment is to support the charitable purposes of the Fund. Investors’ funds will be used to generate a return to the Fund that will be applied to further the charitable works of the Archdiocese of Melbourne and the Dioceses of Sale and Bunbury. The Fund is not prudentially supervised by the Australian Prudential Regulation Authority nor has it been examined or approved by the Australian Securities and Investments Commission (ASIC). An investor in the Fund will not receive the benefit of the financial claims scheme or the depositor protection provisions in the Banking Act 1959 (Cth). The investments that the Fund offers are not subject to the usual protections for investors under the Corporations Act (Cth) or regulation by ASIC. Investors may be unable to get some or all of their money back when the investor expects or at all and investments in the Fund are not comparable to investments with banks, finance companies or fund managers. The Fund’s identification statement may be viewed here or by contacting the Fund. The Fund does not hold an Australian Financial Services Licence.