On Friday, July 19, 2024, IT departments all over the world experienced a massive cybersecurity incident. The incident I am talking about was the misconfigured CrowdStrike update that impacted millions of Windows devices. And after every cybersecurity incident, it is time to talk about the lessons we learned.
No data was stolen or accessed by a cybercriminal; computers just couldn’t boot up. It is important to remember that cybersecurity is also concerned with the availability of devices and data. Availability is part of the CIA Triad (Confidentiality, Integrity, and Availability), which lies at the center of cybersecurity.
Confidentiality
Only those who need access have access. This means the person accessing the data is the only one who has access. It also means restricting their access to only what they need to perform their job duties. For example, someone in payroll does not need access to the manufacturing line to verify whether a machine is operational, and a machinist does not need access to the Sales team's data. It also means limiting System Admin accounts rather than giving everyone system admin access; it could also mean requiring extra logins for those who do need System Admin access.
Integrity
The data is always trustworthy. So when someone opens a file and goes to use it, that file hasn’t been tampered with or changed, whether maliciously or accidentally. The person accessing the data should be able to trust the file being opened as being accurate.
Availability
When access is needed, access is available. So when data or a device needs to be accessible for use, it is. It can also include accounts, online services, and so on.
After an incident
An important step after any cybersecurity incident is to review what happened and identify the lessons we learned. A few takeaways I have from the CrowdStrike incident are:
- Minimize pushing any updates on a Friday, unless they are critical updates that have been tested and approved
- Test updates on your devices before pushing to all devices, especially business-critical devices
- Have an incident response plan in place and regularly test against it
- Be ready for anything