Take a Product Tour Request a Demo Cybersecurity Assessment Contact Us

Blogs

The latest cybersecurity trends, best practices, security vulnerabilities, and more
A CISO’s Perspective on the CrowdStrike Outage

A CISO’s Perspective on the CrowdStrike Outage

It’s been a challenging time for CISOs recently. Since the global tech outage in July, I’ve had several conversations with many of my peers in the industry. Whether you were a CrowdStrike customer or not, the outage affected everyone in cybersecurity to some degree. I’ve been a CISO for years, but this was the first time I had people in my community actively interested in what I do and wanting to talk about cybersecurity.

I can relate to what many CISOs are going through, and I want to share a couple of thoughts on these events.

The impact isn’t just operational – it’s also personal

First, I know the pain and the challenge of going through an event like this. For some of my peers, it was very difficult. In the early hours of the outage, they didn’t have enough detail to know what was happening. Some of them believed their organization was facing a ransomware attack or other serious malware event.

As we saw in the media reports, the outage caused significant instability and operational disruption. There’s not only impact to the business, but for CISOs there’s also a personal impact. The entire business may have gone offline because of a piece of software that your team runs. This was not an event that just happened to companies. There are individuals that feel more accountable, more impacted, more responsible for what happened than anyone else.

Imagine yourself as a CISO, going into an organization and making a strategic decision to deploy a particular technology. You're successful in getting buy-in and you roll it out. Then, within a few months of your decision, you have a significant event occur on your watch based on your decision. Afterward, you might feel isolated and disconnected from the executive leadership team. You might worry about the impact to your career and livelihood. So, where do you go from here?

Evaluating your technologies post outage

After a significant event, you may face questions from the leadership team about the technologies you’ve deployed. First, recognize that many organization leaders don’t have a deep understanding of these solutions. To answer any questions that may come up, it’s important to look at your roadmap and evaluate whether or not you feel that the technologies you've deployed are really aligned with what you need within that organization.

Different providers take different approaches to architecture, security content, and code updates. Trellix, for example, has fundamentally different views from CrowdStrike on how technology updates should be deployed. We take a "responsible security approach" built on transparent architecture, capabilities, and operations. Philosophically speaking, Trellix maintains that the kernel is sacred and must be protected. The customer should be responsible for determining when and how those changes get rolled out.

I encourage you to deeply research this yourself and to do the due diligence in evaluating the architectural differences between different providers to make a sound decision.

Rebuilding trust

Evaluating your technologies is just one part of addressing the outage, however. There's a broader conversation that needs to happen where CIOs and CISOs need to ensure that they have rebuilt trust. Ultimately, CISOs have a responsibility not just for helping to protect their organizations from cyber threats, but also helping the organization to be more resilient. How do CISOs rebuild trust that the organization is protected and resilient?

In my view, trust comes from transparency. Trust comes from having conversations with executive leaders like your CFO, your business operation heads, and other function area heads. It gives them an understanding of how these technologies work, what you're doing to help mitigate events like this in the future, and what other architectural changes might be needed to help foster your resilience.

Every opportunity, every situation, whether you're a CrowdStrike customer or not, is an opportunity to educate. I encourage you to take advantage of these moments to form deeper, more meaningful relationships with your stakeholders within the organization and of course, communicate back to the board.

I’ll be speaking more on this topic at the Trellix GenAI Powered Responsible Security Virtual Summit and please join me at the upcoming webinar, What Is Responsible Security Post the CrowdStrike Outage?

Get the latest

We’re no strangers to cybersecurity. But we are a new company.
Stay up to date as we evolve.

Please enter a valid email address.

Zero spam. Unsubscribe at any time.