1 In 10 Orgs Dumping Their Security Vendors After CrowdStrike Outage (theregister.com)
An anonymous reader quotes a report from The Register: Germany's Federal Office for Information Security (BSI) says one in ten organizations in the country affected by CrowdStrike's outage in July are dropping their current vendor's products. Four percent of organizations have already abandoned their existing solutions, while a further 6 percent plan to do so in the near future. It wasn't explicitly said whether this referred to CrowdStrike's Falcon product specifically or was a knee-jerk reaction to security vendors generally. One in five will also change the selection criteria when it comes to reviewing which security vendor gets their business. The whole fiasco doesn't seem to have hurt the company much though, at least not yet.
The findings come from a report examining the experiences of 311 affected organizations in Germany, published today. Of those affected in one way or another, most said they first heard about the issues from social media (23 percent) rather than CrowdStrike itself (22 percent). The report also revealed that half of the 311 surveyed orgs had to halt operations -- 48 percent experienced temporary downtime. Ten hours, on average. Aside from the obvious business continuity impacts, this led to various issues with customers too. Forty percent said their collaboration with customers was damaged because they couldn't provide their usual services, while more than one in ten organizations didn't even want to address the topic. The majority of respondents (66 percent) said they will improve their incident response plans in light of what happened, or have done so already, despite largely considering events like these as unavoidable. The report highlights a curious finding that over half of CrowdStrike customers wanted to install updates more regularly, even though that would have been worse for an organization.
"Regardless, with the number of urgent patch warnings we and the infosec community dish out every week, it's probably a net positive, even if it's slightly misguided," concludes The Register.
Your data breach insurance ... (Score:2)
I Struggle with the Way Security is Marketed (Score:1)
Sure, there are events that could definitely put you out of business under the wrong
Re: (Score:2)
"Not having backups" is not only *not* the only concern ... it's not even the top one, for many companies.
For instance, *data* breaches are a much, much bigger concern to many. Who cares if you have backups of your customer's sensitive info ... when that info is exposed to the world?
Re: (Score:1)
Insanity (Score:3)
So, because of one bad vendor, people are going to run with no security at all? Good luck with that. When you're hacked, you can go to the press conference and proudly proclaim "we were running no security software".
I had horrible luck with a Ford once. Didn't make me stop buying cars.
That's not what it says... (Score:2)
So, because of one bad vendor, people are going to run with no security at all?
No, they are dropping their current security vendor and the summary says that it's not clear whether that is related to the one bad vendor or not. It does not say anything about what they are intending to do in the future, only that they are not continuing with the security solution they currently have. It's hard not to see this as a lot of companies bailing from CrowdStrike but the summary specifically says that there is no data regarding that yet.
I strongly suspect, since it indicates that 20% are chan
No, but they are examining them (Score:2)
So, because of one bad vendor, people are going to run with no security at all? Good luck with that. When you're hacked, you can go to the press conference and proudly proclaim "we were running no security software".
I had horrible luck with a Ford once. Didn't make me stop buying cars.
This is the most sane thing I've heard tech companies do. Nope, not dropping security...just actually paying attention to it. This is what we want, isn't it?....for companies to do their homework and give business to those who deliver and stop giving it to those who don't!
This is a win for them! (Score:2)
Re: (Score:2)
10% of customers are switching vendors and signing new contracts? That sounds like a healthy industry to me.
This seems like a useless statistic (Score:2)
What would have been interesting is how many are dropping CrowdStrike.
Re: (Score:2)
It's probably not 100%, but given the timing I still think it's safe to say that most (and close to all?) aren't leaving some random company: they're leaving CrowdStrike.
Modern security products seem to increase... (Score:5, Interesting)
The reality of cyber-security is that it can't be engineered because the social engineering and financial engineering of a company or product will always be the real vulnerability.
The whole world has realized that they need to start air-gapping databases and hiring in-house devs to make their own security products and protocols that don't require creepy persistent connections to massive centralized actors.
Vendors are a massive liability but talented employees are an even bigger asset.
Re: (Score:3)
The whole world has realized that they need to start air-gapping databases
I've worked at government contractors that had real air-gaps for things like their databases, but that does not seem to be the norm for the rest of the world. How would ordinary businesses make use of their databases if they are not network accessible under any circumstances, printed reports? Some sort of unidirectional transmission? What sort of data ingress are they using?
I ask this because I have been involved in
What shocks me about this (Score:2)
is that 9 out of 10 affected customers are apparently *sticking with* CrowdStrike.