Crowdstrike (major) malfunction: 4 Valuable BCM Lessons for the Future

On Friday morning, numerous Windows laptops worldwide began to fail due to a software bug in Crowdstrike’s antivirus program, specifically a flaw in a software update for the company’s 'Falcon Sensor'. As a result, users were unable to start their systems and were faced with a 'blue screen', leading to significant disruptions in business activities. For many companies, this meant a sudden loss of access to critical systems and data, hindering normal operations.

A well-designed BCM plan helps organizations remain resilient during unexpected disruptions. With a BCM plan, your organization is better equipped to minimize the impact and quickly become operational again. You will be better prepared for an malfunction like the Crowdstrike incident. Here are some key elements of BCM that were useful in this scenario:  

 1.  Impact Analysis and Prioritization

Companies that had previously conducted Business Impact Analyses (BIAs) knew exactly which systems and processes were most critical. This allowed them to quickly set priorities and restore the most important systems first.

  2.  Alternative Access Solutions

Organizations with alternative access solutions, such as the ability to work via cloud-based desktops or mobile devices, could ensure the continuity of their operations despite the failure of Windows laptops.  

  3.  Communication Plans

Clear communication is essential during a crisis. Companies with a well-oiled communication plan could quickly inform their employees about the situation, update them on alternative working methods, and track the progress of recovery efforts.

  4.  Exercises and Simulations

Organizations that regularly practice their BCM plan were better prepared for this malfunction. By simulating various scenarios in advance, they knew exactly how to act, leading to a more efficient and effective response.

Last Friday's malfunction offers valuable lessons for all organizations:    

  1.  Regular Evaluation and Updating of BCM Plans

Ensure that your BCM plan is regularly evaluated and updated to account for new risks and changing circumstances. This keeps your organization resilient and prepared for unexpected situations. Updates may be needed when entering into a partnership with a new supplier. Evaluations are valuable after incidents or at least once a year.

  2.  Investing in Alternative Work Solutions

Consider investing in alternative work solutions such as cloud-based platforms or secondary devices to reduce reliance on a single system. In the case of the Crowdstrike malfunction, think of laptops with a different operating system (OS) if primarily using Windows, or online backups from a different account. 

  3.  Strengthening Supplier Management

Maintain close ties with your software and service providers and inquire whether they have robust BCM plans. Close relationships help respond faster to disruptions caused by third parties (suppliers) and understanding their BCM preparedness can provide more perspective during an outage.  

  4.  Continuous Commitment to Awareness and Training

Continue to train and raise awareness among employees about BCM principles and their role during a crisis. A well-informed and trained team can make a significant difference in the speed and effectiveness of your response, as they know what is expected of them and how to react to specific situations.

The malfunction caused by Crowdstrike last Friday underscores the importance of a well-supported and practiced Business Continuity Management plan. By being prepared, organizations can not only minimize the impact of unexpected disruptions but also recover quickly and continue their operations.

Let’s use this event as an opportunity to strengthen BCM strategies and be better prepared for future challenges.