The Truth About CrowdStrike Risk Management | The Risk Management Research

  • Added on 5 September 2024
  • This video is about the issues that resulted from the 19th July 2024 CrowdStrike Outage. This incident brought the world to a standstill and required deliberation on whether such a concentration of risk is acceptable for the world's future. It asks whether risk management practices were followed when organizations moved from physical-based servers to cloud servers. This is data risk. Also, we should get away from crisis management to risk management.
    The Risk Management Research (Sonjai Kumar)
    I want to bring a perspective from a risk management point of view. What are the lessons that we can learn from yesterday's incidents, and what changes can we make, or rather should we make? Let's see, you know, what could be the mitigations.

    The computer screen turned blue all of a sudden. An IT pandemic had struck then, and people came to know that there was an issue with the security patch update globally. Airlines, news broadcasters, hospitals, and various organizations came to a standstill; the world just witnessed the over-dependence on one system. This is concentration risk. We talk about concentration risk more in the investment arena: when an organization invests a lot of its assets in one particular type of asset, then we say that there is a concentration risk, because if that asset does not perform well, then there is a risk that the organization may not earn enough return. So similarly, I think concentration risk is not just in the investment area; it is everywhere.

    This incident was not a cyber attack, but I think it is an eye-opener for the entire world: how do they perceive the risk, and what lessons can be learned and applied to manage such risks in the future? This is not the first incident; of course, this is the first incident of this type to have happened, but similar incidents can happen in the future. You know, what learning can be taken from this?

    Let us ask some critical questions of ourselves; we have to ask certain critical questions. There's talk about data risk, because data is sitting on the cloud server, and the cloud server is not within the country; it is somewhere else, and that data is not on the physical server. Now, the various organizations have taken a conscious decision to move away from the physical server to the cloud server, which means that their data is not under their control but under the control of the third party, and that data may not be in their country but in some other country. So when such decisions are taken, there must be a risk analysis of what the risks are while taking such decisions.

    Now the question is: when the organizations moved away from server-based to the cloud server, did they analyze the impact of the risk? Did they analyze what could happen if there is a strike, if there is a bug in a system, if there is a cyber attack, and how they are going to manage the risk? Now the question is whether such analysis is part of risk-based decision making. If the organizations have done the analysis and they have accepted the risk, and they are fine with, you know, such kinds of decisions, then it is okay to take such decisions, because they have to bear the consequences of the impact. However, if the organizations have not done such analysis, then the question is that proper risk management activity has not, you know, gone into practice, and that's where there is a need to implement risk management, not just in financial risk but in all parts of risk management activities.

    We generally see that when such incidents happen, we get into crisis management mode. Now it is time to move away from crisis management mode to risk management mode. Crisis management is very expensive in nature. When an organization is not doing risk management and wants to implement risk management, of course, it is going to cost; there's a cost to it, but there's also the benefit that the form value increases. Now the question is that yesterday's incident crystallised yesterday, or one of such incidents that we saw; there could be many such live wires that are yet to be explored. Risk management first identifies, analyses and plans for the mitigation.

    I think it is time to open our eyes and start building robust risk management practices to prevent such future crises again and again, and then keeping it between the covers of the book. It is now time to engage in proactive risk management, learn from past failures and implement in the future. In the last 10 to 15 years, we have seen some big global events and incidents that have seriously cost us, if we start from the 2008 economic crisis, the 2020 COVID event, and now the CrowdStrike

Comments • 5

  • @A.I-America_and_India 1 month ago +1

    Insightful video!

  • @dineshkhansili2009 1 month ago +2

    Wonderful real life risk analysis. It will go far. Good wishes and would love to hear more.

  • @creativejunction3556 1 month ago +1

    Lessons from the CrowdStrike Incident:-
    Thorough testing of software updates is crucial.
    Dependency on a single vendor is risky.
    Strong incident response plans are essential.
    Continuous risk assessment is vital.
    Prioritize cybersecurity in all operations.

  • @chaoscode5040 1 month ago +1

    The centralisation of tech services to just the big players can bring even more problems in the future, hence companies must be proactive and must have a backup or at least a backup plan.