On Friday, July 19, 2024, organizations around the world experienced a computer outage. The issue was determined early on to be non-malicious. Australia first discovered the issue, and as dawn broke across Europe, many business and transportation entities found their systems had been adversely impacted. Many businesses, notably banks, airlines, trains, supermarkets and TV stations, were unable to operate due to the issue.
IT security firm CrowdStrike was at the center of the matter. They were engaged in installing an update to their Falcon platform, an antivirus tool, when it was determined the update had a defect. To work on a remedy, CrowdStrike booted systems offline. It is noted that the faulty update only affected Windows-based systems. Linux and Apple computers and devices have been unaffected thus far.
While a remedy has been issued, many clients are still experiencing delays and difficulties stemming from Friday’s event.
CrowdStrike’s Response
In response to the outage, CrowdStrike has pushed a "technical alert" on their customer portal containing up-to-date information about the issue, provided steps being taken to resolve the incident and issued guidance for affected users. If you are still experiencing issues with your systems, we encourage you to immediately refer to this resource to assist with restoring functionality.
Client Impact
The outage has had varied levels of impact on clients, depending upon their reliance on the Falcon platform. Many operations found themselves unable to do business or conduct business transactions. Others simply found themselves at a standstill to conduct day-to-day operations as systems slowly came back online.
Next Steps
- If you are still unable to access your systems, it is important to apply mitigation steps. We understand that current guidance is to reboot affected hosts, but if this is not successful, CrowdStrike has released guidance on steps that should be taken to manually remove specific files. Customers should regularly check CrowdStrike’s customer portal and their official website for updates, as well as continue to monitor systems for performance and stability.
- Be vigilant and on the lookout for potential phishing campaigns. Researchers have warned that attackers have reserved domain names and have created websites to appear as CrowdStrike Support. It is important to remind employees of the official steps being taken around the CrowdStrike matter. It is critically important to not provide sensitive information or passwords to anyone purporting or pretending to be a CrowdStrike customer service representative.
- While it is difficult to assess coverage on a large-scale basis, there may be dependent or contingent business interruption for system failures available in your cyber liability policy, if purchased. We encourage clients to keep track of all expenses, invoices and costs that have been incurred during this period.
- If you believe you have been impacted by Friday’s events, please contact your NFP Cyber Liability team member. At NFP, we are well positioned to assist with navigating notification requirements, identifying approved vendors and other potential coverage, and providing response support that can be found within the policy.
- Friday’s event highlights the need for organizations to have business continuity, disaster recovery systems and plans to minimize downtime when this type of event occurs. Those systems and plans should be regularly tested. NFP continues to partner with trusted vendors should you need assistance with review of your security plan.
Conclusion
This client alert aims to provide timely and relevant information regarding the recent CrowdStrike outage. NFP and NFP’s Cyber Liability team remain committed to providing support and guidance during this time. If you are experiencing a cyber incident, please contact your NFP Cyber Liability team member for assistance.
Reach out today to start a conversation about how we can work together to move you forward.
