A week after cybersecurity giant CrowdStrike released an update that affected an estimated 8.5 million Windows computers, causing chaos in various sectors such as healthcare and airlines, the aftermath is still being felt by many organizations that are struggling to restore access to their affected systems.
According to Errol Weiss, the chief security officer for the Health Information Sharing and Analysis Center (Health-ISAC), healthcare organizations were hit hard by the update, with about half of the members of the organization affected. As of July 25, only 18% of the affected organizations had fully recovered their systems, while three-quarters still had up to 25% of their systems requiring attention. Many of these organizations had Windows-based medical devices, making the recovery process more complex and time-consuming.
While automated remediation tools provided by companies like Microsoft, CrowdStrike, and others helped expedite the recovery process for some, healthcare organizations faced challenges with devices that required manual intervention. Microsoft released a USB Recovery Tool to assist administrators in recovering impacted systems, especially in cases where BitLocker encryption was enabled.
CrowdStrike reported that 97% of affected computers had returned to active status by July 25, indicating significant progress in the recovery efforts. However, Quest Software, a managed security services provider, is still assisting customers with the remaining systems that require attention. Kent Feid, a senior director at Quest Software, noted that smaller businesses, in particular, were struggling to recover due to a lack of technical expertise.
The outage is estimated to have affected a quarter of Fortune 500 companies, with losses totaling $5.4 billion, including significant losses in the healthcare and banking sectors. Despite the availability of recovery tools, many companies still had to work through the weekend to manually recover each system, at an average of 15 minutes per device.
Ironically, healthcare organizations were able to recover by relying on measures implemented to combat ransomware attacks, a threat that CrowdStrike is designed to prevent. The incident highlighted the importance of having backup procedures and manual processes in place to mitigate the impact of such outages.
Looking ahead, companies are now focusing on preventing similar incidents in the future. While CrowdStrike has faced backlash for the outage, experts believe that the demand for endpoint protection services will ensure the company’s resilience in the long run. Despite the challenges faced during this incident, businesses are reminded of the inherent risks in software development and the need for continuous vigilance in the cybersecurity industry.
