When your organisation becomes the subject of negative news, it is crucial to respond effectively and strategically to minimise damage and rebuild stakeholder trust.
Learning from such experiences and planning to prevent future incidents are vital takeaways. In our industry, security failures can be catastrophic when organisations are unable to function, as seen in the recent CrowdStrike incident. Despite many successes, CrowdStrike has faced multiple episodes of criticism in the past, including during the 2016 Democratic National Committee hack investigation for prematurely attributing the attack to Russia. More recently, a flawed update to their Falcon platform led to widespread system crashes affecting entities like the NHS, HSBC, and several UK airports, with top 500 US companies incurring estimated losses of $5.4bn, excluding Microsoft.
People often jump to the conclusion that every problem is a security issue, assuming there must be a “bad guy” involved. But what exactly do we mean by a security issue? Is it only a security issue if there’s a malicious actor?
This mindset is counterproductive for security teams and unhelpful for businesses in managing information…
