The Aftermath: Who is to Blame, Microsoft or CrowdStrike or both?

Guest writer Kevin Landers asks the question we all have asked after the recent CrowdStrike failures in “The Aftermath: Who is to Blame, Microsoft or CrowdStrike or both?”

The recent lawsuit and threat of additional legal action by Delta has left many questioning who should be held accountable: Microsoft, CrowdStrike, or both?

You have to be living under a rock not to have heard about the incident. In mid-July, a significant IT outage affected 8.5 million Microsoft Windows machines, resulting in operational and financial damages estimated in the billions of dollars.

The Fallout Begins: Legal Actions and Blame Game

As the dust begins to settle, the next phase in such incidents, the lawsuit stage, has commenced. Shareholders have already filed at least one class action lawsuit against CrowdStrike, and Delta Air Lines might soon join the fray. In an interview with CNBC, Delta Air Lines CEO Ed Bastian revealed that the July 19th outage, triggered by a CrowdStrike update, cost his company half a billion dollars over five days. The airline had to cancel over 5,000 flights, and blue error screens were visible at airports days after the initial crash. Delta incurred significant costs, including physically resetting over 40,000 servers and compensating affected travelers.

Where Does the Responsibility Lie?

The primary question now is: who is to blame for this fiasco?

CrowdStrike’s Accountability

At the forefront of the controversy is CrowdStrike, the cybersecurity provider whose apparent negligence led to it pushing a kernel-accessing content update through flawed QA-testing software. The criticism directed at CrowdStrike is severe and, many argue, well-deserved. Their oversight caused substantial operational disruptions, and the company will likely face significant legal repercussions.

Microsoft’s Role

Microsoft’s role in this incident is also under scrutiny. However, the situation isn’t as straightforward. To understand this, it is essential to delve into the background of how Microsoft’s developer tools work.

Microsoft provides developers with various layers of access to the operating system, from high-level UI features to low-level system kernel functions. This tiered access system has traditionally ensured the safety of Windows desktop applications. However, a 2009 EU regulatory ruling forced Microsoft to grant third parties more kernel access, aiming to create a level playing field between third-party security vendors and Microsoft’s own products.

Opinions and Arguments

Argument 1: Microsoft’s Limited Accountability

Some argue that Microsoft cannot be held fully accountable, as they were compelled by regulatory requirements to provide more kernel access. The company was forced into a position where it had to allow third-party developers, including security vendors, the same access as its own products. From this perspective, Microsoft’s hands were tied, and the responsibility for the flawed update lies squarely with CrowdStrike.

Argument 2: Microsoft’s Responsibility

On the other hand, some contend that Microsoft still had a responsibility to ensure the safety and integrity of kernel-level code. Critics argue that Microsoft should have implemented more rigorous testing or alternative approaches, such as creating an out-of-kernel API for security vendors to use. The fact that a flawed update could cause such widespread damage suggests a lapse in Microsoft’s oversight.

The Broader Implications

This situation raises broader questions about Microsoft’s approach to software development. Has the company prioritized feature cramming and quick releases over quality, testing, and maintenance? The incident with CrowdStrike might indicate a shift in focus that could have far-reaching implications for the software giant and its users.

Conclusion: A Prolonged Legal Battle Ahead

As the legal proceedings unfold, it is clear that this will be a lengthy and complex case. Both CrowdStrike and Microsoft will likely face intense scrutiny as the courts determine who bears the ultimate responsibility. The outcome will not only affect these companies but also set a precedent for how similar cases might be handled in the future.

Did you enjoy this blog? Read more great blog posts here.
For our course lists, please click here.

Moving Beyond Annual Inspections: The Importance of Monthly Cybersecurity Checks

Guest writer Kevin Landers tackles a huge source of anxiety for many of us in the digital age: our online security. Read on for “Moving Beyond Annual Inspections: The Importance of Monthly Cybersecurity Checks.”

In today’s rapidly evolving digital landscape, cybersecurity has become a critical concern for businesses of all sizes. Regulations and guidelines from the Federal Trade Commission (FTC) and even cyber liability insurance providers mandate an annual security check. But if you look at the facts about how criminals operate, it is clear that this frequency is insufficient. 

Did you know that the average time a cyber attacker resides in a system before detection is 290 days? This means that a breach could go unnoticed for nearly ten months if you conduct security checks only once a year. By the time the annual inspection rolls around, the damage could already be extensive, potentially costing the business in terms of data loss, financial penalties, and reputational harm.

Businesses should consider monthly cybersecurity inspections to ensure their systems remain secure and resilient against potential threats.

The Regulatory Baseline: Annual Checks.

The FTC and most cyber liability insurance providers require organizations to perform security checks at least once a year. This requirement is aimed at ensuring that companies maintain a basic level of cybersecurity hygiene. The process typically involves a high-level meeting with executive leadership and stakeholders, followed by a series of scans on a handful of computers. These scans generate reports highlighting any vulnerabilities or breaches, with a follow-up meeting to discuss the findings and necessary actions.

Being Basic is not Good Enough.

While annual checks are a regulatory requirement, more is needed for effective cybersecurity management. A yearly inspection can leave significant gaps in the fast-paced world of cyber threats. Cybersecurity is not a “set it and forget it” task; it requires continuous monitoring and regular updates.

In our experience conducting these assessments over the past five years, we have never encountered a dealership without vulnerabilities. Whether it is outdated software, weak passwords, or other security lapses, there is always something to address. Relying on annual checks means these issues could remain undetected for months, giving cybercriminals ample time to exploit them.

Benefits of Monthly Security Checks.

  1. Proactive Threat Detection: Monthly checks enable businesses to detect and mitigate threats quickly. Regular scans and reports ensure that vulnerabilities are identified and addressed before they can be exploited.
  2. Compliance and Peace of Mind: Although the FTC and insurance providers recommend annual checks, exceeding these requirements by conducting monthly inspections demonstrates a proactive approach to cybersecurity. This can provide stakeholders, customers, and regulatory bodies peace of mind.
  3. Continuous Improvement: Cybersecurity is a constantly evolving field. Monthly checks allow businesses to avoid new threats and adapt their security measures accordingly. This continuous improvement cycle helps maintain a robust defence against cyber-attacks.
  4. Building a Security Culture: Regular interactions between IT teams and leadership foster a culture of security within the organization. This ongoing dialogue helps demystify cybersecurity, making it a shared responsibility rather than a specialized, isolated task.
  5. Overcoming the Intimidation Factor: Many business leaders find cybersecurity intimidating due to its technical complexity. However, it is crucial to break down these barriers and communicate in plain language. Monthly security checks offer an opportunity to educate stakeholders about the importance of cybersecurity and the specific actions being taken to protect the organization. By translating technical jargon into understandable terms, we can help leaders make informed decisions about their security posture.

Conclusion.

In conclusion, while annual cybersecurity checks meet the minimum regulatory requirements, they are insufficient in today’s threat landscape. Monthly inspections provide a more proactive and effective approach to managing cyber risks. By committing to regular security assessments, businesses can protect their data, maintain customer trust, and ensure long-term success. Do not wait for a breach to highlight the gaps in your security—take action now and make monthly cybersecurity checks a core part of your business strategy.


Are Cybersecurity Vulnerabilities Haunting Your Dealership?

Kevin Landers is the President of rocketwise – an IT and Cyber Security firm based out of Knoxville, TN. He and his team support equipment and commercial truck dealers across North America. He makes his initial blog post for Learning Without Scars with “Are Cybersecurity Vulnerabilities Haunting Your Dealership?”

Kevin possesses the unique ability to understand, and to explain in non-threatening and non-technical ways, how technology, business and team members work with, and sometimes against, each other. He has an innate ability to understand how technology works at the basic conceptual level and how it interacts with hardware, software, networking, people and business processes, a rare combination in today’s technology arena.

He puts these abilities to work daily to make dealerships better by enabling them to deliver extraordinary service with rocketwise’s “Dealer Ally Success Platform”.

Kevin lives in Tennessee with his bride Summer, and their two sons – Caleb and Isaiah.

Let’s delve into a topic that’s crucial for dealerships like yours – cybersecurity. While you might not have old skeletons hidden away, there’s a good chance that cybersecurity vulnerabilities are lurking in the shadows, just waiting to cause trouble. You can’t address what you can’t see, which is why it’s time to shed light on these hidden dangers. This will empower you to take proactive measures to safeguard your dealership from potential cyber threats. Here are some of the most common cybersecurity challenges faced by dealerships:

Outdated Software: The Neglected Nightmare

We understand that updating software can be a hassle, but running outdated software is akin to leaving the dealership doors wide open for hackers. When software vendors release updates, they often include crucial security patches that plug vulnerabilities. Don’t let outdated software haunt your dealership’s digital presence. Keep everything up to date to fortify your online defenses.

Weak Passwords: The Gateway for Cyber Intruders

If your passwords are weak, it’s like handing over the keys to your dealership to cybercriminals. Using predictable passwords like “123456” or “password” is a big security no-no. Instead, establish robust and unique passwords for all accounts and devices. Consider a mix of upper and lowercase letters, numbers, and special characters. Password managers can be invaluable for generating and securely storing complex passwords. As a dealership owner, set guidelines for creating strong passwords and employ software to enforce this policy.

Unsecured Wi-Fi: The Vulnerable Entry Point

Imagine a scenario where a cybercriminal lurks in a parked vehicle, exploiting your dealership’s unsecured Wi-Fi network. Terrifying, right? Unsecured Wi-Fi can serve as an entry point for hackers to intercept sensitive data. Ensure your Wi-Fi is password-protected and use WPA2 or WPA3 encryption for an added layer of security. For critical dealership operations, consider implementing a virtual private network (VPN) to shield your data from prying eyes.

Lack of Employee Training: The Risk of Ignorance

Your employees can either be your dealership’s strongest defense or its weakest link. Employee errors contribute to approximately 88% of data breaches. Without proper cybersecurity training, your staff might unknowingly fall prey to phishing scams or inadvertently expose sensitive information. Regularly educate your team on cybersecurity best practices, including recognizing phishing emails, avoiding suspicious websites, and using secure file-sharing methods.

No Data Backups: The Catastrophic Loss

Imagine waking up to find your dealership’s data vanishing into the digital abyss. Without backups, this nightmare can become a reality due to hardware failures, ransomware attacks, or unforeseen disasters. Embrace the 3-2-1 rule: maintain at least three copies of your data, stored on two different media types, with one copy stored securely offsite. Regularly evaluate your backups to ensure they are functional and dependable.

No Multi-Factor Authentication (MFA): The Risky Gamble

Relying solely on passwords for account protection is a risky gamble, much like having a screen door at the entrance of your dealership. Implementing MFA adds an extra layer of security, requiring users to provide additional authentication factors, such as a one-time code or passkey. This significantly bolsters your account security and makes it challenging for cyber attackers to breach your dealership’s defenses.

Disregarding Mobile Security: The Vulnerable Phones

Mobile devices have become indispensable tools for dealership operations, but they can also be vulnerable to security risks. Ensure that all company-issued devices have passcodes or biometric locks enabled. Consider implementing mobile device management (MDM) solutions to enforce security policies, remotely wipe data, and ensure devices remain up to date.

Shadow IT: The Unwanted Surprise

Shadow IT refers to the use of unauthorized applications within your dealership. While it may seem harmless when employees use convenient online tools, these unvetted applications can pose significant security risks. Establish clear policies for software and services usage within your dealership and conduct regular audits to identify any lurking shadow IT.

Incident Response Plan: Preparedness for the Unexpected

Even with all precautions in place, security incidents can still occur. Without an incident response plan, your dealership could be left scrambling. Develop a comprehensive incident response plan that outlines how your team will detect, respond to, and recover from security incidents. Regularly evaluate and update the plan to ensure its effectiveness.

Don’t let cybersecurity vulnerabilities haunt your dealership. We can assist you in identifying and addressing potential threats, ensuring a robust security posture that protects your business. Reach out to us today to schedule a cybersecurity assessment. Your dealership’s security is our top priority.
