One Article Review

The article:
Source Kovrr
Identifier 8554065
Publication date 2024-08-08 12:18:25 (seen: 2024-08-08 12:18:25)
Title The UK Cost of the CrowdStrike Incident: A £2.3B Shock
Text The UK Cost of the CrowdStrike Incident

CrowdStrike made global headlines when an automatic update to their Falcon sensor software crashed more than 8.5 million Microsoft Windows machines globally. This incident resulted in major disruption, including supermarkets being unable to take card payments, TV broadcasters going off the air, and airlines canceling thousands of flights.

This is a fascinating case because, although not a malicious attack, the repercussions mimic those of one that was. Moreover, this case demonstrates that a single point of failure, including third-party software, can cause outsized impacts. This impact is particularly significant when the specific third-party software is pervasive throughout an organization. An exacerbating feature of the CrowdStrike incident is the relatively small number of vendors dominating the market, which meant that when something went wrong, a large part of the market was affected. The common doomsday scenario has recently been an outage in a major cloud provider (Azure, GCP, AWS). Still, here we again see the potential for errors or attacks via third-party software to cripple businesses on a global scale. It seems that in many cases, the expensive lesson of SolarWinds, that unquestioningly accepting updates can be catastrophic, has not been learned. Hopefully, updates to security software will now get at least the same level of scrutiny as other software updates.

Another thought-provoking side to the CrowdStrike incident is that an anti-monopoly agreement between the European Commission and Microsoft in 2009 is one of the reasons why CrowdStrike had kernel-level access to Windows, and along with other factors, allowed it to produce the infamous blue screen of death. This instance illustrates that agreements and laws made over a decade ago can have serious unforeseen consequences and that everyone may not always understand the actual risks resulting from these decisions.

Economic Impact

Estimates of the economic impact are few and far between, but Kovrr has calculated that the total cost to the UK economy will likely fall between £1.7 and £2.3 billion ($2.18 and $2.96 billion).

This value is based upon the uptake of endpoint detection software across the market in combination with CrowdStrike’s market share and assumes an average downtime of 1 working day, 24 hours. For the downtime, we know that 97% of systems have been fixed after nine days, and CrowdStrike released a fix within 20 hours. Examples show that business-critical systems were restored on varying timescales, with Sky News going off air for only a couple of hours and American Airlines grounding 400 flights on the first day and 50 flights the following day. Clearly, fixes continue much beyond 24 hours, and IT staff are still fighting to get all systems back online. However, the later fixed systems are likely to be less business-critical in the short term, so they are unlikely to contribute significantly to business interruption costs.

Kovrr’s estimate considers the costs associated with business interruption, the response, and post-response expenses, such as litigation, based on Kovrr’s deep understanding of system outage data from past incidents and detailed cost analysis.

To put the financial consequences of this cyber event in context, Verisk PCS estimated that NotPetya caused a global economic impact of around $10 billion (~$13 billion inflation-adjusted), and Wannacry approximately $4 billion (~$5 billion inflation-adjusted).

Many larger companies likely have cyber insurance, so they will not have to bear the total cost of this event. Moreover, because of the existence of these policies, the resulting impact on the cyber insurance market is still unfolding. Estimates of the global insured losses range from “mid to high single digit billion USD” and are unlikely to be material for the (re)insurance market. Beazley, the largest insurer of cyber risk in 2023
Notes ★★★
Sent Yes
Tags Cloud
Stories NotPetya Wannacry


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.