The CrowdStrike crisis is giving CISOs an opportunity to rethink key strategies

Furthermore, experts say that this type of software error will probably happen again. “We have to expect that it will happen again, and you need to protect against it,” Ranjan Singh, chief product officer at Kaseya, told CSO. “There are people involved in the whole development chain, so always, there is always a mistake. But it’s our job to make sure we go to the ends of the earth and figure out how to prevent something like this, especially for sensitive products.”

Brumley of ForAllSecure says this type of incident “will happen again.” The consolidation of a “big” industry with fewer and smaller vendors will mean “more people will be affected when a major software bug happens,” he says. A thin security workforce will hurt the industry’s ability to respond in the future. “I think people are tired of security, and especially as the markets change, there has been a big reduction in security,” he said.

It’s time to rethink disaster recovery plans

One area of risk management that CISOs should revisit now is disaster recovery. “I think most companies should probably implement their disaster recovery process during the CrowdStrike shutdown, but not voluntarily, not voluntarily,” Christine Gadsby, BlackBerry’s CISO, told CSO.

