South Jersey BIZ - Issue #10 (October 2024)

zoom_in

SJBiz_Cyber Security Dept_1024FINAL.qxp_Layout 1 10 / 7 / 24 2 : 20 PM Page 1 outage , a failure of that nature could grind the organization to a halt , ” Roubos C Y B E R S E C U R I T Y adds . South Jersey Biz also spoke with sev - eral other tech experts from across the area to get a better sense of how com - panies can try and thwart future issues while boosting their overall cyber pro - tection . From your viewpoint , how did the recent CrowdStrike outage under - score the importance to be proactive when it comes to cybersecurity ? “ The recent CrowdStrike incident high - lighted the potential risks associated with software updates . For instance , a soft - ware vendor may release updates for various reasons , including bug fixes , en - hanced usability , new features and se - curity improvements . However , without rigorous testing and proactive manage - ment , these updates can inadvertently introduce new issues . “ While these updates are essential to prevent vulnerabilities and enhance A Protection functionality , it’s crucial that both soft - ware companies and the managed serv - ice providers ( MSPs ) who utilize their software conduct thorough testing on Plan dedicatedtest machines before deploy - ment . This ensures that any potential is - sues are identified and resolved in a con - The CrowdStrike outage over the summer highlighted the trolled environment , minimizing the risk unpredictability of a software disruption and the importance of disruptions in live systems . ” — Michael Barson , chief technical officer of having a thorough security strategy in place . and co - founder , VoIP Doctors [ by Peter Proko ] “ The CrowdStrike failure was due to a henthe CrowdStrike IT outage struck back in mid - July , repercussions breakdown in testing before releasing were felt across the globe . Hospitals , airlines , emergency service re - for deployment . We believe everything sponse systems and countless businesses were some of those im - should be rolled out in stages . Starting pactedwhen the supposed routine software update failed and caused fromtesting in the lab , to testing a small W widespread disruption with nearly 8.5 million systems crashing simultaneously . subsetof production computers prior to Withmany industries affected and the estimated billions of dollars in financial damage , releasing to all systems . This way you the outage reinforced the need for strong cybersecurity protection . While this event was makesure everything is working properly certainly unfortunate and unforeseen , so too are the many attacks that pose a threat to and tested before deploying . This companiesday in and day out . methodology would’ve avoided the Protecting yourself from the various risks that linger requires a proactive approach that CrowdStrike failure . ” requiresconstant management and testing of one’s cybersecurity system . Often that means — James Gloner , vice president , preparing for not only the threats you know exist , but also the ones that you have not en - WinstecTechnologies countered before as bad actors evolve their technological capabilities . Demetrios Roubos serves as Stockton University’s information security officer as well as What kind of vulnerabilities exist an adjunct professor in computer science . From his viewpoint , the CrowdStrike outage un - when one vendor has the power to doubtedly raised some eyebrows , especially since the company’s tool works by gaining ac - bring global industries to a screech - cess to a computer at a very low level . ing halt as we saw with this outage ? “ It certainly caused alarm in the industry that this thing could happen in general and it “ CrowdStrike exposed the risk of ven - alerted cybersecurity practitioners about the dangers of running such low - level tools , ” he dor - induced vulnerabilities associated says . “ Essentially , when one of those components at such a low level fails , like what we saw with choosing a single - vendor , without with the update that was pushed out there , it can create a catastrophic failure across all preparing redundant or alternative so - these systems . … Because their tool interacts at such a low level , it was able to create a lutions . Having a single point of failure service interruption that was very difficult for IT teams to mitigate . cancreate a wide - spread bottleneck on “ If was running a Fortune 500 company , one of my IT controls might take into account supply chains , where even the smallest what driver - level services are being installed on my systems . As we saw with the CrowdStrike failurecan shut down all connected sys - 10 | SOUTH JERSEY BIZ | VOLUME 14 ISSUE 10 | SouthJerseyBiz.net

view text

zoom_in

SJBiz_Cyber Security Dept_1024FINAL.qxp_Layout 1 10 / 7 / 24 2 : 20 PM Page 2 tems , as demonstrated by reliance on CrowdStrike in recent events . — David Suleski , founder and president , # TechStarters “ CrowdStrike’s security platforms have cer - tainly been immensely beneficial for organ - izations defending against cyber attacks . Their success has resulted in greater adop - tion of their ecosystems and a ‘ platformiza - tion ’ approach to security . However , there is a legitimate question on the dangerous concentration of risk and denial of service vulnerability . This situation underscores the need for thoughtful diversification in critical services and technologies . Business re - siliency should be a key component of any cost - benefit analysis when adopting these new technologies . ” — Divyesh Malkan , president , Information Systems Security Association - Delaware Valley chapter Is there anything companies can do to be better protected ? “ The recent CrowdStrike debacle highlights the critical need for proactive cybersecurity management . This incident underscores the importance of rigorous testing and valida - tion of updates before deployment . It also emphasizes the need for continuous moni - toring and incident response planning to quickly address and mitigate any issues that arise . “ To mitigate risks , companies can en - hance security and adopt a zero - trust ap - proach ensuring that every access request is verified , regardless of its origin . … To pre - vent similar failures in the future , companies can adopt staggered rollouts , invest in ro - bust disaster recovery systems , regularly , and proactively review and improve cyber - security policy and posture . ” — David Suleski “ All companies need to realize that a lot of what is being utilized is not new . Not mean - ing to burst anyone’s bubble here , but the cloud is not magic . Websites that take the place of software you used to purchase and install on your server is not a cheap silver bullet , and nothing in the cloud is actually cheaper . To that end , companies need treat any cloud or web - based solution just like they did when they had a data center . It needs to be backed up . You need a redun - dant system , or secondary system , or down - time manual process for everything you deem critical . The reason some outages are so severe is because of the lack of invest - ment in disaster planning and redundancy . So often , this is left out of return on invest - ment calculations when deciding to move to the cloud in the first place , and as such , SouthJerseyBiz.net | VOLUME 14 ISSUE 10 | SOUTH JERSEY BIZ | 11

view text

input

view_module

keyboard_arrow_left

keyboard_arrow_right