Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the early morning of July 19, a software update to CrowdStrike’s Falcon sensor started to cause one of the most extensive IT outages in history, affecting several industry sectors, including financial services, healthcare, transportation, and others. According to CrowdStrike, the outage stemmed from “a defect found in a Falcon content update for Windows hosts.” At this point, the software update has not affected Mac and Linux systems.

With businesses increasingly relying on digital systems, the combination of governance, risk management, and compliance (GRC) has become essential for an effective cybersecurity strategy. This framework helps organizations manage cyber risks, comply with regulations, and protect sensitive data.

In today’s digital landscape, the importance of robust cybersecurity measures cannot be overstated. Yet, despite the clear and present danger posed by cyber threats, many organizations still underinvest in cybersecurity, operating under a false sense of security. This complacency can be incredibly costly, as the financial ramifications of cybersecurity breaches are staggering.

As most in the industry are aware, a defective content update to CrowdStrike’s Falcon Sensor for Windows led to a global cascade of system outages affecting critical industry sectors such as transportation, banking, healthcare, and public safety. Many enterprises and government agencies around the world are still actively managing their response to this incident.

Cybersecurity regulations often include audits that assess and strengthen an organization’s defenses against increasing cyber threats. In the United States, various cybersecurity regulations, including HIPAA, SOX, PCI DSS, and more, require audits. Each audit ensures your organization meets the required standards outlined in the regulation while also strengthening its overall cybersecurity framework.

Over the last decade, cybersecurity has emerged as a critical concern for financial institutions. With cyberattacks increasing in frequency and sophistication, it has become imperative for institutions in the financial sector to safeguard sensitive data and implement robust data protection measures. The Dodd-Frank Wall Street Reform and Consumer Protection Act, commonly known as the Dodd-Frank Act, plays a crucial role in regulating the American financial services industry.

Knowing Your Supply Chain (KYSC) is becoming an increasingly important component of cyber resilience. Understanding the dependencies within your organization and those of your vendors is critical for responding to incidents effectively. Even the most reliable vendors and partners can experience issues. Today, a widespread outage impacted CrowdStrike Falcon, affecting the global supply chain.

In the course of a major research rollout like my recent whitepaper on KEV vulnerabilities, I frequently end up doing some bit of analysis that doesn’t make it into the final doc. Usually, it is because I am dealing with limited space and attention spans, and I gotta stop sometime. The stuff that gets cut is usually not terribly compelling or surprising or is maybe more an artifact of the particular bias in our sample or is only interesting to a very small audience.