Listen to this articleWhile the recent global CrowdStrike outage last month spared Long Island businesses from the worst impacts, it highlighted the need for more robust proactive measures to prevent future incidents.
Financial and tech experts on Long Island say the best defense isn’t just cybersecurity technology, but the right technology. It could mean the difference between keeping a business functioning online and having difficult discussions with customers and business partners.
The problem began last month when a software update from cybersecurity firm CrowdStrike proved to be flawed, crashing mission-critical computers around the world. Airlines, banks and many Fortune 500 companies reported major outages lasting several hours to several days.
“The CrowdStrike incidents underscore the importance of cybersecurity, but also raise concerns about entrusting enterprise technology to companies that may not always prove reliable,” said Chris Coluccio, CEO of Ronkonkoma-based Techworks Consulting.
“It is concerning that an application like CrowdStrike or similar tools could potentially disrupt our business operations without major countermeasures due to negligence,” Coluccio added. “This underscores the need to understand the potential impact of any technology we implement and have a robust continuity plan in place.”
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) estimated that the CrowdStrike outage was due to a logic error in the CrowdStrike Falcon sensor update, which affected over 8.5 million Windows devices. Malicious actors exploited the outage for phishing attacks. CISA stressed the importance of following CrowdStrike’s remediation guidelines.
+and maintaining robust cybersecurity
Measures.
In its public report on the outage, the agency stated: “CISA urges organizations to ensure they have robust cybersecurity measures in place to protect their users, assets, and data from this activity.”
Daniel Ford, chief information security officer at Jovia Financial Credit Union in Westbury, said the CrowdStrike outage had no impact on the institution’s customers.
Ford said Jovia’s strategy is to “take a proactive stance that incorporates predictive measures and rigorous testing. Unlike many organizations that are content with regulatory compliance, we have embedded cybersecurity into our DNA and made it a strategic imperative.”
Ford points out that Jovia’s safety strategy is based on “continuous improvement” – an approach that sets higher standards with each advancement.
“Unlike reactive competitors, our proactive posture, reinforced by rigorous supplier oversight, ensures our operations meet our service level agreements,” Ford said. Jovia’s commitment to resilience “is an integral part of our strategic success” and “unwavering commitment to risk management,” he added.
Like other technology and security experts, Sharif Alexandre, chief technology officer at ConnectOne Bank, which has offices in Astoria and Melville, said the critical time to respond to events like the CrowdStrike outage is long before they occur.
“As technology continues to play a critical role across industries, companies must take the right steps to prepare for potential outages or other incidents,” said Alexandre.
In addition, Alexandre pointed out that the institution has contingency plans that it follows in critical times such as last month, including disaster response manuals that are constantly being tested.
“In such a case, we would act quickly and mobilize the appropriate team members to form an internal working group, run through the appropriate disaster recovery processes and, most importantly, communicate with our customers to ensure they are aware of the situation,” said Alexandre. “Good communication is essential to be able to respond appropriately.”
Evidence of this may be the numerous complaints received by companies such as Delta Airlines, which continued to struggle with further flight cancellations and other disruptions for days after the CrowdStrike outage.
With technology constantly evolving and cyber intrusions and technical failures posing ever-changing threats, one of the biggest challenges for businesses of all sizes is staying one step ahead.
For example, Techworks’ Coluccio found that smaller companies can be more attractive targets than larger companies: Larger companies tend to have invested more in security and business continuity.
But for companies of all sizes, change is a constant.
“Certainly, the rise of AI technologies such as deepfakes and large language models such as ChatGPT are already being exploited by malicious actors,” said Coluccio. “These tools are making it increasingly difficult to distinguish truth from lies and allowing criminals to find vulnerabilities in our systems more quickly.”
He added: “We still see many business owners placing a lot of trust in their current IT vendors, whether outsourced or in-house, because they assume they will manage their cybersecurity effectively. However, this is not always the case.” Coluccio said he recommends that all companies should conduct a comprehensive IT audit that is reviewed and understood not only by IT, but also by business owners and managers.
Perhaps underscoring Coluccio’s point: CrowdStrike itself. In its debriefing report on the incident, the company noted that “security products can quickly adapt to new threats through regular updates, ensuring robust protection for users and their systems.”
And CrowdStrike’s response? The company said it would improve its own testing and introduce additional controls in software updates “to prevent similar issues in the future.”
