The CrowdStrike Outage: Lessons Learned

Just a few days ago the world felt the rippling effects of a third-party push to networks across the globe. What would have normally been a routine undertaking instead caused mass disruption of information systems and brought businesses of all sizes to a standstill. Almost everyone was impacted by this incident in one way or another. At the time of this writing, some companies continue to struggle to resume normal business activities.

As with any incident, we must take a look at our processes to see what lessons we can learn and how we can improve – an after-action report, if you will.

Third-Party Risks

Our society is more interconnected than ever before, and third-party vendors are increasingly active on customers' production business networks. The advantages businesses receive from these interactions are often worth the risks. However, as with all business decisions, we must understand the risks that we are accepting and take steps to mitigate them to the greatest practical extent.

One of the key takeaways from this incident is that we need to incorporate third-party risks into our business continuity (BC) plans, incident response (IR) plans, and tabletop exercises. Businesses cannot control every aspect of a third-party integration, but they can control how that risk is incorporated into the environment and put safeguards in place for maintaining continuity when an action fails to go as planned.

Businesses should not only take this into account with their BC/IR planning but should actively incorporate this into their tabletop simulation drills. At Raxis, we conduct tabletop offerings as a simulated attack intended to model real-world threats. They facilitate cohesion and seek to highlight process gaps and less obvious exposures. A plan is only as good as its execution, and tabletop exercises are an excellent way to identify improvement opportunities in plans and processes.

A Few Things to Think About

  • Do you have redundant systems in place that would be resilient to a third-party incident?
  • Do you have tested backups (emphasis on tested) that allow you to quickly restore your system?
  • Do you maintain adequate logging, and are these logs stored for a long enough time period to allow your team to review them and determine affected systems?
  • Do you have a current BC/IR plan, and does this plan include incidents that could be caused by third-party vendors?
  • Do you actively review your vendors and their operational processes that could affect your business stability?

Vince Lombardi once said, “It’s not whether you get knocked down, it’s whether you get up.” This rings true after every security incident. What do we learn, and how do we improve?

Need help testing or developing your incident plans? Raxis can help. Reach out to one of our advisors to learn more.

