Source URL: https://it.slashdot.org/story/24/09/19/1721236/1-in-10-orgs-dumping-their-security-vendors-after-crowdstrike-outage?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: 1 In 10 Orgs Dumping Their Security Vendors After CrowdStrike Outage
Feedly Summary:
AI Summary and Description: Yes
Summary: A report from Germany reveals a significant impact of a CrowdStrike outage, with 10% of affected organizations planning to change their security vendor and 66% seeking to enhance their incident response plans. This situation emphasizes the importance of robust vendor reliability and incident management in the realm of information security.
Detailed Description:
– A report by Germany’s Federal Office for Information Security (BSI) highlights serious repercussions from a July outage affecting CrowdStrike’s services.
– Key findings from the report include:
– **Vendor Trust Erosion**: 10% of the organizations affected by the outage are shifting away from their current security vendor, while an additional 6% are also intending to drop their provider soon.
– **Immediate Actions**: Approximately 4% of organizations have already abandoned their solutions altogether.
– **Changes in Evaluation Criteria**: One in five organizations will adjust their criteria for selecting security vendors, reflecting a shift in trust and reliability expectations.
– **Business Continuity Challenges**: 48% of organizations experienced temporary downtime, averaging 10 hours, which not only disrupted operations but also harmed customer relationships. 40% reported difficulties in collaboration with clients due to their inability to provide expected services.
– **Incident Response Improvements**: Despite viewing such outages as largely unavoidable, 66% of respondents indicated they would either improve their incident response plans or had already taken steps to do so.
– **Awareness and Communication**: Most organizations learned about the outage via social media (23%) rather than direct communication from CrowdStrike (22%), reflecting potential issues in vendor communication during crises.
– **Regular Updates Demand**: Over half of CrowdStrike’s customers expressed a desire for more frequent updates, despite concerns that this might exacerbate operational disruptions, suggesting a misunderstanding of maintenance versus operational stability.
This incident serves as a crucial reminder for security leaders about the importance of vendor resilience and the necessity of having robust incident response strategies. Furthermore, it underscores the critical nature of communication and education among users regarding service reliability and update management, shaping future vendor evaluations and partnerships within the field of information security.