If the software your organization uses to close deals and pay employees unexpectedly went down and you had no idea when it would be fixed, what would you do? Could you continue doing business?
Just recently, a major IT outage caused by a faulty update from cybersecurity firm CrowdStrike brought businesses around the globe to a standstill. The fallout from this incident was severe, affecting critical services and leaving many organizations scrambling to maintain operations.
Unfortunately, as businesses were grappling with the disruption, cybercriminals saw an opportunity to exploit the crisis.
What Happened?
The recent global IT outage stemmed from a defective update to CrowdStrike’s “Falcon” cybersecurity software for Windows systems. This malfunction triggered Microsoft’s infamous “blue screen of death,” impacting a global wide service—from emergency call centers and hospitals to banks and airlines. While CrowdStrike and Microsoft worked to resolve the issue, the downtime highlighted a significant vulnerability: our dependence on a few major vendors for critical IT services.
How the IT outage gave rise to scams
Despite assurances from CrowdStrike CEO George Kurtz that the outage wasn’t caused by malicious activity. Various cybersecurity agencies, including the UK’s National Cyber Security Centre (NCSC) and Australia’s Signals Directorate (ASD), issued urgent warnings about a surge in phishing attempts and scams targeting vulnerable businesses. Scammers posed as representatives from CrowdStrike and Microsoft, deceiving small business owners into providing sensitive information under the guise of offering a “fix” for the outage.
This situation is particularly alarming due to the rapid effort by cybercriminals to take advantage of the disruption. By impersonating trusted companies during widespread confusion, they significantly increased their chances of successfully scamming their targets. This highlights the ever-present risk of phishing and underscores the critical need for robust cybersecurity measures.
What’s Next?
Unlike larger organizations, small businesses often lack the IT infrastructure and dedicated security teams to quickly address such disruptions.
This incident should serve as a wake-up call for all business leaders. If you don’t have a business recovery and continuity plan in place, you’re putting yourself at risk. And if you do, you need to ask yourself if it is high-quality, tested often and able to handle a large-scale attack where multiple operational systems are disabled. If the answer is no, it’s time to do something about it.
We’ll do a FREE Security Risk Assessment that will achieve two important things:
- We’ll thoroughly examine your network to identify any weaknesses that could be exploited during an IT outage. This assessment will reveal if and where an attack could occur, and we’ll provide solutions to patch these vulnerabilities, ensuring you’re not setting yourself up to be the next victim.
- Cybersecurity is an essential and necessary element of doing business, but even the most robust security solutions are not 100% foolproof. We’ll help you determine a continuity or recovery plan tailored to your organization’s needs, ensuring you can continue doing business even if a third-party service, like Microsoft or CrowdStrike, goes down.