Behind the Blue Screen: The Importance of Third-Party Screening and Ongoing Monitoring
by Claudia Tijssen – Head of Customer Success at NGA
The recent CrowdStrike outage in July 2024 serves as a stark reminder of the critical need for robust third-party screening and monitoring. This incident, triggered by a faulty update in CrowdStrike’s Falcon sensor, led to widespread Blue Screen of Death (BSOD) errors across millions of Windows devices. The consequences were severe, including grounded flights and halted business operations globally, highlighting the potential risks of relying on third-party services.
The Incident: A Faulty Update with Far-Reaching Consequences
CrowdStrike, a leading cybersecurity firm, is known for its Falcon platform, which provides endpoint protection to countless organizations worldwide. In July 2024, an update to the Falcon sensor intended to improve security instead introduced a logic error that caused widespread system crashes. This error led to significant disruptions, not just for individual users but across entire industries. The resulting BSOD errors paralyzed operations in sectors ranging from aviation to finance, illustrating the domino effect that can occur when a critical third-party service fails.
The Fallout: Operational and Reputational Damage
While the CrowdStrike outage was not the result of a cyberattack, the incident exposed vulnerabilities that could have been exploited by threat actors. The chaos and disruption caused by the outage created opportunities for malicious activity, demonstrating how even non-malicious failures in third-party services can have serious security implications.
CrowdStrike’s response, which included a public apology and swift remediation efforts, aimed to mitigate the damage. However, the incident had already caused significant operational and reputational harm. Businesses that rely heavily on third-party providers like CrowdStrike were reminded of the importance of having contingency plans and ensuring that their partners are thoroughly vetted and continuously monitored.
The Lessons: The Necessity of Rigorous Third-Party Screening
This incident underscores the importance of not just initial screening but also ongoing monitoring of third-party services. Businesses must understand the potential risks posed by their external partners and be prepared to respond quickly to any issues that arise. The CrowdStrike outage illustrates how even a well-respected provider can introduce risks, and why continuous oversight is essential.
How Third-Party Screening Can Help
You might wonder how third-party screening could prevent an issue caused by a single update like this one. Traditional third-party screening typically focuses on evaluating a vendor’s overall risk profile, security practices, and compliance. Even so, it can play a crucial role in mitigating risks of this kind; taking the CrowdStrike incident as an example:
- Vendor Risk Assessment: Ongoing assessment of a vendor’s change management and update processes can identify potential risks. If a vendor has a history of problematic updates or inadequate testing protocols, this could be flagged, prompting a more stringent review or alternative solutions.
- Continuous Monitoring: Real-time monitoring of third-party vendors can help detect changes in their risk profile. For example, if a vendor starts rolling out frequent updates that cause minor issues, this could indicate potential future problems, allowing companies to prepare contingency plans.
- Incident Response Planning: Effective third-party risk management includes preparing for potential incidents. Even if an update causes an issue, having a robust incident response plan that includes clear communication with the third-party vendor can help minimize the impact.
- Contractual Safeguards: Businesses can include specific clauses in contracts that require vendors to adhere to stringent testing protocols before deploying updates. This could also involve requiring advance notice of significant changes so that the business can assess the potential impact.
While third-party screening might not catch the exact issue with a specific update, it can still help manage the overall relationship with the vendor and ensure that there are safeguards in place to handle such incidents when they do occur.
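The continuous-monitoring and incident-response points above can be made concrete on the customer side: record each vendor release as it lands on your own fleet, track how many endpoints fail after it, and let the resulting risk signals decide how cautiously the next update is rolled out. The script below is an added example written for this article, not code from NGA or from any vendor named here. The `UpdateEvent` record, the two hypothetical vendors, their version numbers and failure counts, and the thresholds (a 60-day window, more than three releases, a 1% post-update failure rate) are all constructed assumptions; tune them to your own environment.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class UpdateEvent:
    """One vendor release as observed on our own fleet (constructed record type)."""
    vendor: str
    version: str
    released: datetime
    endpoints_updated: int   # endpoints that received the release
    endpoints_failed: int    # endpoints that crashed or degraded within 24h of it


# Constructed sample data: hypothetical vendors and version numbers, not real releases.
SAMPLE_EVENTS = [
    UpdateEvent("vendor-a", "1.0.1", datetime(2024, 6, 1), 500, 0),
    UpdateEvent("vendor-a", "1.0.2", datetime(2024, 6, 20), 500, 4),
    UpdateEvent("vendor-a", "1.0.3", datetime(2024, 7, 2), 500, 8),
    UpdateEvent("vendor-a", "1.0.4", datetime(2024, 7, 10), 500, 12),
    UpdateEvent("vendor-b", "4.2.0", datetime(2024, 5, 15), 800, 0),
    UpdateEvent("vendor-b", "4.3.0", datetime(2024, 7, 1), 800, 1),
]

# Assumed "current date" for the example so the window is reproducible.
AS_OF = datetime(2024, 7, 20)


def vendor_risk(events, vendor, now=None, window_days=60,
                max_updates=3, max_failure_rate=0.01):
    """Summarise a vendor's recent update behaviour and return the risk signals raised.

    Thresholds are assumptions for the example; tune them to your own fleet.
    """
    now = now or AS_OF
    cutoff = now - timedelta(days=window_days)
    recent = sorted((e for e in events if e.vendor == vendor and e.released >= cutoff),
                    key=lambda e: e.released)
    updated = sum(e.endpoints_updated for e in recent)
    failed = sum(e.endpoints_failed for e in recent)
    failure_rate = failed / updated if updated else 0.0

    flags = []
    if len(recent) > max_updates:
        flags.append("update cadence above threshold")
    if failure_rate > max_failure_rate:
        flags.append("post-update failure rate above threshold")
    # Rising failures across three or more consecutive releases: the pattern of
    # "minor issues" that the article says can foreshadow a larger problem.
    fails = [e.endpoints_failed for e in recent]
    if len(fails) >= 3 and all(b > a for a, b in zip(fails, fails[1:])):
        flags.append("failure count rising across consecutive releases")

    return {
        "vendor": vendor,
        "updates_in_window": len(recent),
        "failure_rate": round(failure_rate, 4),
        "flags": flags,
    }


def rollout_policy(risk):
    """Map the risk signals to a deployment stance for the vendor's next update.

    This is the contingency side: the same update is still taken, but it is held
    in a small canary ring for longer when the vendor's recent record is poor.
    """
    if not risk["flags"]:
        return "proceed: staged rollout with normal ring schedule"
    if len(risk["flags"]) == 1:
        return "caution: extend canary soak time before widening rollout"
    return "hold: canary ring only until vendor confirms root cause"


if __name__ == "__main__":
    for v in ("vendor-a", "vendor-b"):
        r = vendor_risk(SAMPLE_EVENTS, v)
        print(r, "->", rollout_policy(r))
```

Run as-is and vendor-a, whose last three releases each broke more endpoints than the one before, is held to the canary ring, while vendor-b with one quiet release in the window proceeds on the normal schedule. In practice the `UpdateEvent` rows would be fed from your endpoint management or EDR telemetry rather than hard-coded, and the flags would feed the vendor's risk register so the review is continuous rather than a one-off at onboarding.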
How NGA Can Help
NGA offers comprehensive third-party screening services designed to mitigate these types of risks. By providing continuous monitoring, real-time data insights, and thorough vetting processes, NGA ensures that businesses are not caught off guard by unexpected third-party failures. Our services help you stay ahead of potential issues, safeguarding your operations and reputation from the kind of fallout seen in the CrowdStrike incident.
The CrowdStrike outage of July 2024 is a compelling case study of the importance of third-party risk management. It highlights the need for businesses to take proactive measures in screening and monitoring their third-party providers. With the right tools and practices, companies can protect themselves from the operational and reputational damage that can arise from third-party failures. NGA’s solutions are designed to provide that protection, helping you maintain business continuity and trust in an increasingly interconnected world.