Open Letter from Redjack's CEO: The Urgent Need to Prioritize Operational Resilience in Cybersecurity

Subject: Lessons from the Recent CrowdStrike Outage

To the Cybersecurity Community,

Cybersecurity firms have long promoted the idea that "breaches are inevitable." However, if these firms were as transparent as pharmaceutical companies, they would have to disclose that a side effect of their prevention measures is the potential to cause significant harm to the very organizations they aim to protect. According to recent surveys, 84% of CISOs in North America believe that breaches are inevitable (Business Wire) (Mintz). It's time for CISOs to understand that their actions could also cause major outages in their organizations, and recent events support this claim.

In the ever-evolving landscape of cybersecurity, the relentless focus on preventing hacks often overshadows an equally critical concern: the impact of security tool deployments on organizational resilience. Recent incidents, such as the CrowdStrike service outage last week, underscore the necessity of reevaluating our approach. It is imperative that we, as cybersecurity professionals, shift our focus from an overwhelming fear of being hacked to a balanced concern about the potential disruptions caused by our own tools.

The Unintended Consequences of Cybersecurity Tools

While cybersecurity products are designed to protect our digital infrastructure, they can inadvertently become a source of significant disruption. The recent CrowdStrike incident is a poignant reminder of this reality. Last week, CrowdStrike, a leading cybersecurity firm, experienced a major service outage due to a deployment issue. This outage left numerous organizations vulnerable and disrupted their operations, highlighting the critical need for robust deployment strategies and resilience.

Historically, there have been several instances where cybersecurity tools themselves became vulnerabilities. For instance, in 2017, a security flaw in Kaspersky’s software exposed user data to potential exploitation. Similarly, in 2020, a vulnerability in SolarWinds' Orion software was exploited by attackers, leading to one of the most significant cyber espionage campaigns in recent history. In another example, Okta, an identity and access management company, faced disruptions in 2021 due to a security breach that compromised the data of several of its clients. These incidents emphasize the necessity of meticulously managing the deployment of cybersecurity tools to prevent them from becoming liabilities.

The CrowdStrike outage would not have occurred if the impacted companies had applied our in-depth cyber resilience approach. If the same defensive countermeasure solutions were leveraged on passenger planes, stealth bombers, and Air Force One, each would fail at its respective mission. Why, then, are we applying the exact same security solutions to all types of IT infrastructure and expecting a different outcome?

The CrowdStrike issue revolved around Office365, a software suite for user collaboration. Why was such an issue so disruptive to critical infrastructure? Shouldn't infrastructure for user functions like Office365 be separate from infrastructure that boards passengers on planes and performs banking functions? If the impacted systems require user interactions or Windows functions, they should be designed in an ephemeral way and be recoverable in minutes, if not seconds.

I don't blame any cybersecurity company for outages caused by flaws in its software, even though cybersecurity companies have had software flaws or have been negligent by using weak default passwords numerous times (Industrial Cybersecurity Pulse) (Forgepoint Capital). However, cybersecurity teams need to align all their activities to the function IT assets perform for the business, including tuning each cybersecurity solution. I have needed to tune signature sets in cybersecurity tools to get them to work at scale. The expectation that endpoint solutions will work effectively on all types of assets at all times while protecting from all threats is unrealistic.

Prioritizing Resilience Over Fear

The current cybersecurity paradigm, focused on deploying an array of security products to fend off potential breaches, often overlooks the resultant operational risks. This approach not only strains organizational resources but also introduces new vulnerabilities. It is time for a paradigm shift towards prioritizing resilience by protecting what is most critical.

By focusing on resilience, organizations can address both the risk of hacking and the risks introduced by deploying security tools. This approach involves:

  1. Automated Critical Asset Identification Using AI: Identifying and prioritizing the protection of assets vital to the organization’s operations should be automated and leverage AI.

  2. Robust Deployment Strategies Leveraging Integrations: Implementing cybersecurity tools in a manner that minimizes operational disruption and ensures continuity by leveraging integrations.

  3. Constant and Automatic Monitoring and Assessment: Continuously assessing the effectiveness and security of deployed tools to mitigate any emerging risks.

  4. Holistic Risk Management: Integrating cybersecurity into a broader risk management framework that considers both cyber threats and the operational impact of security measures.

The Redjack Approach: A Holistic Perspective

The traditional approach to cybersecurity, relying heavily on deploying multiple products, is fundamentally flawed. Instead, the methodology proposed by Redjack offers a more effective strategy. At Redjack, we emphasize understanding the unique risk landscape of each organization and tailoring security measures accordingly. This ensures that cybersecurity efforts are aligned with the organization’s critical assets and operational priorities.

Our framework includes:

  • Comprehensive Risk Assessment: Evaluating specific threats and vulnerabilities relevant to the organization.

  • Customized Security Solutions: Designing and implementing security measures that address identified risks without compromising operational efficiency.

  • Adaptive Security Posture: Continuously evolving the security strategy in response to changing threats and organizational needs.

By adopting the Redjack approach, organizations can achieve a balanced cybersecurity posture that protects against external threats and ensures operational resilience.

Conclusion

Cybersecurity professionals must broaden their perspective beyond the fear of being hacked. While preventing breaches is essential, we must equally prioritize the resilience of our operations. The recent CrowdStrike outage and similar incidents highlight the potential risks posed by our security tools. By focusing on what is most critical and adopting a holistic approach as advocated by Redjack, we can enhance both our security and operational stability.

Thank you for your attention to this critical matter. I look forward to discussing how we can implement these strategies to bolster our organization's cybersecurity resilience.

Sincerely,

Greg Virgin
CEO, Redjack
