Three Organizational Best Practices Highlighted by the CrowdStrike Incident

August 26, 2024 Advisory

From flight cancellations to malfunctioning hospital systems and everything in between, it would be next to impossible to find an organization that was not impacted by the CrowdStrike outage incident that took place on July 19, 2024. CrowdStrike, a Texas-based cybersecurity company, released a faulty update to its security software used on Microsoft Windows computers, which caused approximately 8.5 million systems throughout the world to crash in what is believed to be the largest systems outage in information technology history.

The CrowdStrike outage incident underscores the importance of three key takeaways: 1) internal policies and procedures should strive to prevent outages; 2) solid vendor contracts are crucial for managing risk and clarifying roles; and 3) incident response and business continuity plans should address vendor vulnerabilities.

1. Internal Policies and Procedures Should Strive to Prevent Outages

The CrowdStrike incident highlighted the difficulty organizations face when critical vendors experience outages or incidents. Because it is not always an option to pivot away from using certain vendors that are critical to the organization’s operations, mission or infrastructure, organizations instead must be prepared to address and remediate issues when they arise. There are several policies and procedures that organizations should implement to address and prevent a similar outage from causing major disruptions to their business practices:

  • Business continuity plan: identify the systems, vendors and tools the organization relies upon to operate. Determine the criticality of the system, vendor, or tool, and the potential impact to the organization if the system, vendor, or tool is unavailable to the organization for various intervals, ranging from a few minutes to several days in the event of a zero-day scenario that requires extensive fixing. Prepare for the worst and develop a backup plan for operations if the tool, system, or vendor is unavailable. 
  • Effective patch management: test patches in a controlled environment before fully deploying a software update to prevent the introduction of issues into the broader system. When your organization relies on a third-party vendor or organization to provide a patch or update, develop a system to ensure your organization is notified or aware of all patches and updates, including a schedule for implementation based on the criticality of the patch or update.
  • Security safeguards: implement recommended security safeguards and practices – such as network segmentation and access controls – to reduce the risk of faulty software being introduced at the system level.
  • Adequate employee training: train and prepare employees at all levels to identify and address software-related issues, which can assist with avoiding critical outages. Train employees on how to react to system outages, including steps they should and should not take in the event of an outage.

2. Solid Vendor Contracts are Crucial for Managing Risk and Clarifying Roles

Although CrowdStrike has been proactive in rectifying the outage, not all software vendors are willing to provide remedies to their customers without a formal obligation to do so. Many software agreements provide customers with the option to terminate the contract in the event of an outage, but this remedy does not help organizations pick up the pieces when an outage leads to major financial and operational losses. Ideally, software agreements should specify the parties’ responsibilities in the event of outages, including whether all parties have responsibilities, and should further specify what those responsibilities are, as applicable.

3. Incident Response Plans Should Address Vendor Vulnerabilities

Because of the sheer volume and variety of software used by organizations, not all outages can be avoided. It is imperative that organizations implement incident response plans, including Business Continuity and Disaster Recovery (BC/DR) measures, to mitigate the impact of faulty software updates on an organization’s operations.

The CrowdStrike outage has revealed just how vulnerable organizational systems can be in the event of a faulty software update. The above three considerations are proactive and preventive risk mitigation techniques that organizations can adopt to be more prepared if and when a similar outage occurs. Our Data Innovation, Security and Privacy lawyers can assist you with determining how your business operations may be impacted by cyber events and with crafting tailored compliance solutions. For more information specific to your business needs, please contact one of the listed authors or your regular Armstrong Teasdale lawyer.
