Have news organizations understood the lessons from Crowdstrike's system failure?

Have news organizations understood the lessons from Crowdstrike's system failure?

In the wake of the major CrowdStrike outage in 2024, media companies worldwide have taken significant steps to enhance their cybersecurity measures and prevent future disruptions.

The incident, which was caused by a faulty software update that triggered widespread IT disruptions globally, has prompted media organisations to rethink their disaster recovery strategies, especially in terms of intentionally building diversity into their plans.

Diversified Cybersecurity Strategies

Organisations are re-evaluating their reliance on single-vendor cybersecurity solutions, such as CrowdStrike. The outage exposed the vulnerability of depending heavily on one provider, leading companies to explore multi-vendor approaches and backup systems to avoid single points of failure.

Enhanced Update Testing

The CrowdStrike update that caused the outage bypassed standard testing protocols. In response, media companies and cybersecurity vendors are now emphasising rigorous pre-deployment testing and validation of software updates to avoid similar faults.

Focus on System Resilience and Recovery

The outage highlighted failures in backup integrity and recovery processes, requiring manual interventions to restore service. Media firms are strengthening their backup strategies, disaster recovery plans, and incident response capabilities to ensure quicker and more reliable restoration of services.

Greater Regulatory Scrutiny

The incident has raised awareness about cybersecurity governance. While the outage did not cause compliance fines, the industry dialogue promoted calls for enhanced regulatory oversight on cybersecurity standards, particularly for critical infrastructure.

Insurance and Risk Management Adjustments

The event has influenced cyber insurance policies, with affected industries, including media, revisiting coverage for business interruption and network restoration. This risk reassessment helps firms prepare financially for future cyber incidents.

Tim Claman, chief product officer at Avid, believes that the media industry has learned valuable lessons since the outage and is seeing wider adoption of strategies that combine prevention and resilience methods. Claman notes a shift in mindset within the media industry, with media enterprises becoming more proactive in managing their security strategies and practices.

However, ensuring companies are adequately protected is an unenviable challenge. Cybersecurity is a risk management exercise where risk must be balanced against cost, both financial and operational. Rowan de Pomerai, CEO of DPP, believes that not enough focus has been given to security concerns in the media industry due to business transformation, AI, and disruption.

The CrowdStrike incident highlighted that it is challenging to protect against all cybersecurity threats, and the incident had severe impacts on companies that take security seriously. In response, AI is being leveraged to implement sophisticated cyberattacks, such as impersonating key personnel or creating personalized phishing attacks. However, de Pomerai suggests that AI could be the solution to complex security concerns in the future.

In disaster recovery scenarios, diversity can apply at both small and large scales. For example, using multiple carriers for bonded-cellular active/active wireless transmissions or having an elastically scalable cloud production service ready to go. Cloud-based production platforms provide a diverse form of backup to hardware-based production solutions running Windows. If an entire class of options (like Windows PCs and servers) is wiped out, a diverse disaster recovery plan can help avoid the fate of having an entire class of mission-critical systems taken down.

The DPP's State of Media Technology Security report shows a gulf between customers and vendors when it comes to their assessment of the security of modern media technology tools. Neil Maycock, a contributor to TVBEurope, notes the need for more collaboration between customers and vendors to address security concerns in the media industry.

In the United States, E.W. Scripps was able to quickly identify and correct issues during the outage due to a strategy put in place over the past 10 years. On July 19th, 2024, Sky News in the UK went off air for parts of the morning due to a large IT outage. The IT outage was described as the largest in history and led to roughly 8.5 million systems crashing.

While the CrowdStrike outage was a significant setback, the media industry is learning from the incident and implementing strategies to prevent future disruptions. The focus is on diversifying cybersecurity defences, enforcing stricter update controls, bolstering recovery processes, and improving risk governance to ensure a more secure future for the media industry.

1. Media companies are diversifying their cybersecurity strategies, moving away from single-vendor solutions like CrowdStrike and exploring multi-vendor approaches and backup systems to prevent future disruptions caused by single points of failure.
2. In light of the incident, a greater emphasis is being placed on insurance and risk management adjustments, with media industries revising their cyber insurance policies to cover business interruption and network restoration in preparation for future cyber incidents.
3. Enhancements in cloud production are being considered as part of a more diverse disaster recovery strategy, providing a backup alternative to hardware-based production solutions running on Windows, which can help avoid the loss of mission-critical systems in the event of a widespread IT outage.

Read also: