CrowdStrike outage: impact and response

On Friday 19th July 2024, organisations around the world experienced a computer outage. The issue was determined early on to be non-malicious. Australia first discovered the issue, and as dawn broke across Europe, many business and transportation entities found their systems had been adversely impacted. Many businesses, notably banks, airlines, trains, supermarkets and TV stations, were unable to operate due to the issue.

IT security firm CrowdStrike was at the centre of the matter. They were engaged in installing an update to their Falcon platform, an antivirus tool, when it was determined the update had a defect. To work on a remedy, CrowdStrike booted systems offline. It is noted that the faulty update only affected Windows-based systems. Linux and Apple computers and devices have been unaffected thus far.

While a fix has now been issued, the knock-on effect from the widespread IT failure has been felt across the world, and businesses have suffered delays and difficulties stemming from the event. In the UK, there was major disruption to NHS systems in GPs surgeries, pharmacies and hospitals, affecting management of appointment bookings, patient records and issuing of prescriptions.¹

CrowdStrike’s response

In response to the outage, CrowdStrike has pushed a “technical alert” on their customer portal containing up-to-date information about the issue, provided steps being taken to resolve the incident and issued guidance for affected users. If you are still experiencing issues with your systems, we encourage you to immediately refer to this resource to assist with restoring functionality.²

Client impact

The outage has had varied levels of impact on clients, depending upon their reliance on the Falcon platform. Many operations found themselves unable to do business or conduct business transactions. Others simply found themselves at a standstill to conduct day-to-day operations as systems slowly came back online.

As of 25th July, 97% of affected systems running the Falcon software are now back online, according to a statement issued by CrowdStrike CEO George Kurtz posted on LinkedIn last week.

However, the long-term effects are yet to be determined, with experts predicting that the total damages to Fortune 500 companies alone will amount to approximately $5.4 billion.³

Next steps

1. If you are still unable to access your systems, it is important to apply mitigation steps. We understand that current guidance is to reboot affected hosts, but if this is not successful, CrowdStrike has released guidance on steps that should be taken to manually remove specific files. Customers should regularly check CrowdStrike’s customer portal and their official website for updates, as well as continue to monitor systems for performance and stability.
   
   
2. Be vigilant and on the lookout for potential phishing campaigns. Researchers have warned that attackers have reserved domain names and have created websites to appear as CrowdStrike Support. It is important to remind employees of the official steps being taken around the CrowdStrike matter. It is critically important to not provide sensitive information or passwords to anyone purporting or pretending to be a CrowdStrike customer service representative.
   
   
3. While it is difficult to assess coverage on a large-scale basis, there may be dependent or contingent business interruption for system failures available in your cyber liability policy, if purchased. We encourage clients to keep track of all expenses, invoices and costs that have been incurred during this period to discuss with your account handler and insurer.
   
   
4. If you believe you have been impacted by the CrowdStrike outage, please contact your NFP account handler. At NFP, we are well positioned to assist with navigating notification requirements, advising on  breach firms and providing response support that can be found within your policy.
   
   
5. This outage highlights the need for organisations to have business continuity, disaster recovery systems and plans to minimise downtime when this type of event occurs. Those systems and plans should be regularly tested.

Conclusion

NFP and our cyber insurance team remain committed to providing support and guidance during this time. If you are experiencing a cyber incident, please contact your NFP account handler for assistance.