What We've Learned About Business Continuity From the CrowdStrike Incident

Last month, the cybersecurity landscape faced one of its most significant challenges to date. A faulty update from CrowdStrike's Falcon Sensor security software caused a global disruption that impacted millions of businesses and government services. 

This historic incident, while devastating for many of the industries impacted, offers several critical lessons on business continuity. But first, let’s examine what happened exactly.

The CrowdStrike Incident: An Overview

CrowdStrike, a leading US-based cybersecurity company, distributed an update for its Falcon Sensor security software on July 19, 2024. Unfortunately, this update was flawed and caused widespread issues on Microsoft Windows computers running the software. 

As a result, approximately 8.5 million systems crashed and were unable to restart properly, marking what has been called the largest outage in the history of information technology.

Impact & Scope

The outage had a far-reaching impact across various sectors. Airlines, airports, banks, hotels, hospitals, manufacturing plants, stock markets, broadcasting stations, gas stations, retail stores, and even governmental services like emergency services and websites were severely disrupted. 

The worldwide financial damage was estimated to be at least $10 billion.

Immediate Response

Within hours, the error was discovered, and CrowdStrike released a fix. However, due to the nature of the problem, many affected computers required manual intervention to be fixed, causing prolonged outages in many services and putting excessive stress on many IT departments, call centers and other support channels.

The Aftermath of the CrowdStrike Incident

The aftermath of the CrowdStrike incident has brought to light several key areas of concern and improvement for businesses and cybersecurity practices globally. In particular, the incident underscored the need for:

• Incident Response Planning: Companies with a well-defined incident response plan could act swiftly to mitigate damage.
• Cross-Platform Compatibility: Relying on a single operating system or software solution can be risky; diversifying can provide alternative pathways in case of failure.
• Robust Backup Systems: Businesses that had strong backup systems in place were able to recover more quickly.

How ChromeOS Supports Business Continuity

In light of such incidents, it's crucial for businesses to explore resilient solutions that can safeguard their operations. ChromeOS stands out as a robust option for ensuring business continuity.

Built-In Security

Equipped with security features like data encryption, sandboxing, and the Google-designed Titan C chip protecting identity and system integrity, ChromeOS devices have built-in security.

Google Safe Browsing alerts users from navigating to malicious sites and the prevent password reuse feature stops employees from reusing business passwords to proactively prevent malicious threats and data leaks.

There are two copies of ChromeOS on every device so Verified Boot can confirm the system is unmodified at boot up, and if the OS is found to be corrupted, it can switch to the safe version. Executables don’t run on ChromeOS, eliminating the need for antivirus or security software like CrowdStrike.

“CIO's and CISO's should always be working towards mitigating attack vectors and operating on the principle of least privilege,” Colin McCarthy, Change Management Leader at Promevo, said on the situation. “Security software like CrowdStrike is required due to the inherent insecure nature of Windows, so why run it when it's not needed? Why add the extra risk to your organization?”

Cloud Integrations

ChromeOS is designed with Google's ethos of "better together" at its heart. Users can enjoy a consistent experience across devices, with Chromebooks offering out-of-the-box support for Google Workspace applications such as Gmail, Google Drive, Docs, Sheets, and Slides.

Plus, with Google Workspace, all your work is stored securely in the cloud, accessible from any device with an internet connection. Whether you're working from your Chromebook, smartphone, or desktop computer, ChromeOS's strong integration with cloud services ensures that your data remains accessible, even if individual devices fail.  

“With the drive to be Zero Trust, there is really no justifiable reason for companies to run Windows or MacOS for users who only interact with applications in a browser,” added Colin McCarthy. “In the case of airport gate and notice board displays that went offline [during the CrowdStrike incident], there is no reason to have a Windows device displaying your arrival and departure information… a ChromeOS device is better suited for this task.” 

Enhanced Resilience

Overall, ChromeOS's architecture is inherently more resilient to the type of catastrophic failure seen in the CrowdStrike incident.

Its reliance on cloud-based applications and storage along with its robust security features make it an ideal choice for businesses looking to minimize downtime and maintain continuity during unforeseen events.

Get Started With ChromeOS 

The CrowdStrike incident serves as a stark reminder of the vulnerabilities inherent in our interconnected digital world. However, it also provides an opportunity to reassess and strengthen our cybersecurity measures. 

By adopting resilient solutions like ChromeOS, businesses can better protect themselves against future disruptions.

If you're looking to enhance your organization's resilience and ensure better business continuity, connect with Promevo today. Our team can help you get started with ChromeOS, providing you with the tools you need to keep your business running smoothly. 

We can even help you revive any devices impacted by the CrowdStrike incident with ChromeOS Flex, a cloud-first operating system for not only PCs but also Mac. Contact us to get started.