This client alert provides an overview of the current global IT outage that is related to a CrowdStrike update. We provide an overview of CrowdStrike's response and guidance, and Aon Cyber Solutions' recommendations for affected clients
This alert describes a quickly changing situation. The information contained herein is based on publicly available information believed to be accurate at the time of publishing, Aon has not verified such information independently, and cannot guarantee the accuracy, adequacy, completeness of such information. Aon accepts no liability for any loss incurred in any way whatsoever by any person who may rely on it, and any recipient shall be entirely responsible for the use to which it puts this information. The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity and we recommend seeking appropriate professional advice to address a specific situation.
Overview of the Current Situation
On July 19, 2024, many organizations around the world experienced an outage following a recent update of the CrowdStrike solution. The Falcon Sensor on Windows platforms is the only known component to be affected. At the time of writing, the outage has led to boot issues on affected systems. Based on public reporting to date, there is no evidence to suggest that this situation is the result of an external compromise.
CrowdStrike Response and Guidance
In response to the outage, CrowdStrike has published a technical alert on their customer portal containing up to date information about the issue, steps being taken to resolve it, and guidance for affected users. We encourage all affected users to refer to this resource to assist with restoring functionality to their Windows systems.
Aon Cyber Solutions Recommendations
Based on the information available at the time of publication, the following steps may assist organizations impacted by this outage:
1. Apply Mitigation Steps:
We understand that current guidance is to reboot affected hosts. If a reboot is not successful, CrowdStrike have released guidance on steps that should be taken to manually remove specific system files. Customers should regularly check CrowdStrike's customer portal and their official communication channels for the latest updates and instructions. It is important to note that BitLocker recovery keys and administrative passwords may be required to enact changes on affected systems, so ensure that these are backed up and readily accessible.
2. Monitor Systems:
Continuously monitor the performance and stability of your systems after applying the fix. Report any anomalies to CrowdStrike support immediately.
3. Contact Cyber Insurance Brokerage to Discuss Notification:
Impacted clients should contact their cyber insurance broker to discuss potential impact. The facts and circumstances of a particular company's situation will impact how coverage might apply to the event, and your brokers should be well positioned to assist with navigating notification requirements and potential support.
4. Long Term Considerations:
This event highlights the need for organizations to have business continuity and disaster recovery systems and plans to minimise downtime. Those systems and plans should also be regularly tested. Organizations should review their backup regime to ensure data is protected and can be restored in similar incidents.
Conclusion
The current outage affecting CrowdStrike users is a reminder of the dynamic nature of cybersecurity and the importance of robust incident response protocols. While the situation is still ongoing, the swift actions taken by CrowdStrike and the collaborative efforts of the cybersecurity community highlight the resilience and adaptability necessary to manage such events.
Aon Cyber Solutions remains committed to providing support and guidance during this time. We will continue to monitor the situation closely and provide updates as more information becomes available.
If you are experiencing a cyber incident, please contact our cyber response teams for urgent breach assistance using the details listed here - https://www.aon.com/en/capabilities/cyber-resilience/cyber-breach-assistance. For all other enquiries, please contact us via the general enquiries section on that page.
