In addition to billions of dollars in damages, the Blue Death also brought valuable lessons

Last Friday, shocking news came from all over the world: from Australia to Western Europe to North America, a huge number of users, including many large global companies, faced the unexpected shutdown of their IT systems. A software update from cybersecurity firm CrowdStrike triggered a serious error that caused Microsoft-based systems to fail en masse, and the problem affected a number of industries.

The systems of financial services, airports and airlines, railways, and hospitals collapsed with a “blue death”. Microsoft later indicated in a statement that the problem affected only one percent of machines running Windows; however, it still caused significant disruptions worldwide.

Just like experts in the global tech world, our company, United Consult (UC), has been monitoring events to provide our clients with up-to-date and credible information on potential risks and ways to avoid them. What happened has been a great lesson for the IT community, especially the cybersecurity community.

We can't be careful enough!

Balázs Lakatos, a UC marketing automation expert, reported two important lessons from the case: on the one hand, it showed the weak points of cloud technology, and on the other hand, it also highlighted the reduction in response time for large companies.

“We can't be careful enough. The world of clouds is convenient and efficient, but there are a lot of settings that need to be made in order to be aware of even the near impossible cases in time and then be able to react to them. This requires appropriate error notifications, automatic data validations, and the providers' own incident notifications are essential,” said our colleague.

Balázs Lakatos finds that the larger a company, the more emphasis it places on avoiding possible, and almost impossible, risks. At the same time, however, time-to-market and overall response time steadily deteriorate, red tape increases, and business efficiency decreases.

“Even the biggest ones make mistakes. Instead of perfect security, it may be more worthwhile to establish processes that help manage incidents that occur, notify customers and colleagues in a timely manner, with proper segmentation. A well-built marketing automation or campaign management system can help with that, too,” the UC expert emphasized.

Maintaining cybersecurity is an ongoing activity

Our Head of Cybersecurity, D. István László, also monitored the events and their aftermath. According to him, one of the great lessons of the CrowdStrike case is that even large companies often lack a well-developed business continuity plan (BCP) or disaster recovery plan (DRP) or, if they exist, they are often neglected.

“In a world of increasingly integrated and synchronized systems, these designs are of paramount importance. When changes are made to a component, a review of the entire ecosystem is required. This requires constant activity, as the business processes and IT systems of companies are constantly changing,” our colleague shared his opinion.

He added that the problem was not simply the fault of the CrowdStrike update, but that several large companies did not have a suitable emergency scenario. The deficiency has led to global disruptions in many industries, and this raises the question of responsibility not only for CrowdStrike but also for the operating companies. To make matters worse, several companies installed the update on backup systems, making them inoperable as well.

D. István László stressed that such updates should first be installed in a test environment. This is also evidenced by the fact that the companies that followed this protocol did not experience any problems. The outages mainly affected companies that deployed the update directly in the production environment.

Our colleague highlighted that each industry has different priorities in addressing these problems. While at an airport or airline, quickly restoring operations is the most important task in such situations, for a bank, the main goal is to avoid data loss.

Protecting our systems and data is not just a technology issue

“One incident like this is a good example that security is not a condition, but an ongoing activity. Due to the complexity of the systems, it is difficult to predict how each change will affect other points. Continuous practice and review are essential to guarantee operational security,” said our cybersecurity manager, summing up the lessons learned.

Our customers and partners know that United Consult is committed to providing the highest level of security solutions in our daily work. Cases like Friday's highlight that cybersecurity is not only a technological issue but also a matter of appropriately managing a combination of organizational and human factors.

As we have been doing for more than two decades, we will continue to do our utmost to ensure that our customers receive up-to-date and authentic information, so that not only their IT systems, but they themselves are prepared for possible cybersecurity challenges.

United Consult