In the wake of the recent CrowdStrike global outage caused by a bug in a software update – what risks are posed by overreliance on such a small number of cybersecurity service and platform vendors?
The temporary worldwide chaos followed the distribution of a faulty update to CrowdStrike’s Falcon Sensor security software, which crashed Windows systems across multiple industries, from transport to healthcare.
Insurers estimate the outage will cost US Fortune 500 companies around $5.4bn, prompting businesses to ask how they can avoid the same happening to them.
Simon Pardo, director of technology specialist Computer Care, said: “The sheer scale of the disruption raises serious questions about our overreliance on single-vendor solutions in critical infrastructure and how business critical a full disaster recovery plan now is.
“The extent to which CrowdStrike has penetrated the market has created a dangerous monoculture in our digital ecosystem. When we put all our eggs in one basket, even a minor crack can lead to catastrophic consequences.”
Several of the largest US cyber companies, including Palo Alto Networks, Fortinet, Cisco, Cloudflare, Zscaler and, of course, CrowdStrike, have software running on the majority of corporate devices.
If one of these major players has a problem, organisations relying solely on that company risk severe disruption, and criminal activity often increases when a major vendor’s vulnerabilities are exposed.
Kory Daniels, CISO at US cyber company Trustwave, said: “The recent CrowdStrike outage underscores a growing concern: the potential for widespread disasters to serve as catalysts for criminal activity. When systems fail and chaos ensues, it creates ideal conditions for criminals to prey on the unique opportunity.”
CrowdStrike outage highlights importance of incident response
Research and analysis company GlobalData posted an analyst blog after the event stating that Microsoft and other companies are assessing their own resilience and incident response.
The blog states: “The event raised serious questions both about vendor quality control and their customers’ overreliance on automation with respect to IT updates. CrowdStrike published an initial incident report, identifying the pair of issues that drove the proverbial IT train right off the tracks.
“Along with profuse apologies from CrowdStrike’s CEO, the company promised a full post-breach disclosure once it completes its investigation.”
GlobalData named CrowdStrike as one of the leading technology companies in cybersecurity in a recent comparative analysis, alongside Microsoft, Cisco, Palo Alto Networks, IBM and Accenture.
Most issues experienced by large cybersecurity companies, whether bugs or unforeseen vulnerabilities, are reported widely and quickly by the cybersecurity community to the developers responsible for fixing them, meaning fixes arrive fast and damage is mitigated.
In the CrowdStrike incident, a remedy was deployed in just over an hour once the company had traced the problem to a bug in the validation programme intended to catch faulty content before updates are pushed to customers.
The fix, however, involved a degree of manual work, which can slow recovery considerably, as Karolis Narvilas, senior penetration tester at cyber consultancy Prism Infosec, explains.
“In CrowdStrike’s case a fix was released within 78 minutes; the nature of the bug required system administrators to manually implement the solution on each affected device. When a large number of devices need manual fixes the workload can become overwhelming, further complicating the recovery process.
“[This] has brought to light several potential risks associated with the heavy reliance of global companies on a small number of cybersecurity providers, particularly concerning vendor consolidation and the coordination of incident response.”
Narvilas also explains that during this kind of disruption to normally robust operations, affected security providers must support many clients at once, which “can strain their resources and lead to delays in critical response.”
Market leadership in cybersecurity brings with it the burden of maintaining an exceptional standard in one’s own cyber infrastructure.
Vendors protect not only their clients’ data but also the data of their clients’ customers, so great care must be taken to ensure that any vulnerabilities are remedied immediately.
The CrowdStrike incident is viewed as a stand-alone event: it was not caused by a cyberattack or by a security vulnerability in the software.
However, given the speed at which news of the system crash travelled, one can imagine that an outage caused by a genuine software vulnerability would be reported just as fast, giving malicious actors a narrow window in which to exploit the vulnerability before it is patched.
Security vulnerability within the whole ecosystem
Andersen Cheng, founder and chairman of Post Quantum, believes the outage serves as a reminder of the fragility of our interconnected technology ecosystem, as well as of our overreliance on a small number of providers.
He also believes it raises an important question about the possibility of exploitation by cybercriminals. He said: “While not a cyberattack in this instance, imagine the chaos that could be caused if a nation state was able to exploit such a vulnerability in a coordinated and sustained attack.
“This shock to the system will now push many in the IT community to reassess their cloud strategies, but one has to plan and execute this strategy well before an incident, and the associated cost will leave it out of reach for most.”
Businesses reviewing their cyber infrastructure, and especially their reliance on vendors, should be mindful that “while consolidation can simplify operations and reduce costs, it also introduces a single point of failure that can have far-reaching consequences,” says Mayur Upadhyaya, CEO of software company APIContext.
“Another issue is the lack of independent oversight. When a large number of organisations rely on a single vendor, it becomes more difficult to hold them accountable for security failures.”
APIContext’s recommendations for a more resilient cyber strategy include third-party risk management, continuous monitoring and testing and, perhaps most importantly, vendor diversity.
Cybersecurity leaders have earned their share of the market by being some of the most resilient, well-staffed, well-resourced, adaptive and innovative players in the cyber world, meaning most businesses won’t be ending their contracts in favour of other vendors.
What may happen instead is a shift towards a wider balance of vendors, so that more than one company is responsible for data protection, software and cloud security, incident response, and offensive and defensive cyber solutions.