The widespread computer outage caused by CrowdStrike’s faulty software update is generating a great deal of coverage and is a great opportunity for you to have an important conversation with your customers. Let’s look at the positives: this was not a cyberattack or breach. This is a case of an update making systems inaccessible, with organizations seeing a bugcheck/blue screen error when they attempt to boot their systems. Airports, emergency systems, hospitals, and Microsoft 365 users are just some of the industries and users currently struggling without access to the networks, data, and software solutions they rely on to work, support patients/customers, and communicate.
For organizations impacted, CrowdStrike is communicating developments, including potential fixes, on its dedicated Windows Host Update Page. For a complete look at the timeline of this incident, visit the Azure Status Page. Follow the directions on those pages to resolve issues. Cybercriminals and other ill-willed players may try to take advantage of this situation, so please make sure to communicate only with trusted vendors or with CrowdStrike representatives through official channels.
If your customers are running CrowdStrike in their IT environment and experience the bugcheck/blue screen error, the official guidance from CrowdStrike is to:
- Boot Windows into Safe Mode or the Windows Recovery Environment
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
- Locate the file matching “C-00000291*.sys” and delete it.
- Boot the host normally.
Your customer may not be able to get past step 1, which requires a local admin account. Local admin accounts are a security risk, so they are often disabled. Check the CrowdStrike Windows Host Update Page for additional updates and approaches.
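Steps 2 and 3 of the guidance above, written as a PowerShell function with a dry run. This is an added example, not CrowdStrike's or the author's script; the function name `Remove-MatchingDriverFile` is hypothetical, and it assumes an administrator PowerShell session in Safe Mode with Windows installed on C:.

```powershell
# Added example (not from the original page). Function name is hypothetical.
# Assumes: Safe Mode, administrator rights, Windows volume mounted as C:.
function Remove-MatchingDriverFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Directory named in step 2 of the guidance.
        [string]$DriverDirectory = 'C:\Windows\System32\drivers\CrowdStrike',
        # File pattern named in step 3 of the guidance.
        [string]$Pattern = 'C-00000291*.sys'
    )

    if (-not (Test-Path -LiteralPath $DriverDirectory -PathType Container)) {
        Write-Warning "Directory not found: $DriverDirectory"
        return
    }

    # Collect only files (not folders) that match the pattern, including hidden ones.
    $targets = @(Get-ChildItem -LiteralPath $DriverDirectory -Filter $Pattern -File -Force)

    if ($targets.Count -eq 0) {
        Write-Warning "No file matching $Pattern in $DriverDirectory. Nothing to delete."
        return
    }

    foreach ($file in $targets) {
        # With -WhatIf this prints the planned action and skips the deletion.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete file')) {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop

            # Emit a record per file so the change can be logged for the customer.
            [pscustomobject]@{
                Path             = $file.FullName
                LastWriteTimeUtc = $file.LastWriteTimeUtc
                Removed          = -not (Test-Path -LiteralPath $file.FullName)
            }
        }
    }
}

# Dry run: shows which files would be deleted without changing anything.
Remove-MatchingDriverFile -WhatIf
```

Once the dry run lists only the expected file, run `Remove-MatchingDriverFile` without `-WhatIf`, confirm the prompt, and then boot the host normally as in the final step.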
Why Some Customers on Windows Host May Not Be Impacted
Updates are administered by Providers, and some maintain specific policies to hold back updates that are not deemed critical, which gives them time to assess each update. Cybersafe, for example, limits impact on customers by carefully reviewing version rollouts. Your customers may also have no exposure to this problematic update. CrowdStrike is just one Cybersecurity Provider option. Many other Providers have their own solutions, with their own updates, that support a large percentage of the market.
Redundancy and Backups Are The Key Takeaway For Business Continuity
Your customers can follow Cybersecurity best practices, including staying on top of updates, and still find themselves facing blue screens of death. While there’s been no breach, losing access to systems will compromise business activities by causing delays, hardships, lost revenue, and operating expenses. Help your customers minimize the impact of bad updates, and of cyberattacks like the recent CDK breach, by having backup and redundancy strategies as part of their IT and Disaster Recovery plans and policy.
Business Risk and Risk Management
Even well-respected companies with the best resources and specialists will make mistakes like the one we’ve seen today from CrowdStrike. Risk management and risk decision management are incredibly important for your customers because they provide a structured, proactive approach to identifying, assessing, and mitigating potential threats and unforeseen issues that could impact business operations, reputation, and profitability. No one product guarantees network and data safety or uptime. Partners can support their customers by helping them address their level of risk across their IT stack and operations, including policies for how to react to resource and personnel needs, and by encouraging appropriate decisions that impact their resiliency against outages and cyberattacks.
As a Partner, you have many resources to help you – from your dedicated Channel Manager and Sales Engineer (find them listed on your Sandler Portal homepage) to resources in your Portal like conversation starters, the Cybersecurity Matrix, pre-built Marketing Center Campaigns, and my everyday favorite, the click-based Solutions Finder discovery sales tool, with searchable criteria from every one of our 200+ Providers. CORO, DYOPATH, SilverSky, and Cybersafe are great options to review, along with several other Partner-favored options you can keep top of mind when entering into conversations with your customers about Cybersecurity.
Your support team can be as heavily invested in the conversation as you want, being a part of the discovery/design stages with your customers or offering a more hands-off approach. While we hope events like this are infrequent, they are an opportunity to open Business Continuity and Cybersecurity conversations with your customers to ensure they are constantly updating their DR plans and policies to help mitigate downtime and risk. You can be crucial to helping organizations maintain their operations and remain secure while adding to your revenue. Make sure you involve your dedicated Sales Engineer, found in your Sandler Portal dashboard, if you need help engaging your customers in Business Continuity, Backup/Redundancy, and Cybersecurity conversations.
Author:
Eric Beller
Eric Beller, SVP, Sales & Complex Solutions, assists Partners with developing everyday technical solutions in the central region, and complex solutions across the nation. He is our resident Cybersecurity expert, and we leverage his technical and personal expertise to solve customers’ business problems while also ensuring an elevated experience.