5 Critical Lessons for IoT Vendors from the CrowdStrike/Microsoft Global Outage

Hey there,infosec aficionados! The recent CrowdStrike/Microsoft global outage sent shockwaves through the tech world, and if you’re in the IoT game, you’d better be taking notes. Let’s dive into the top 5 lessons that every IoT vendor should be etching into their playbooks right now.

 1. Resilience Isn’t Just a Buzzword, It’s Your Lifeline

Listen up, folks. If this outage taught us anything, it’s that our interconnected systems are about as fragile as a house of cards in a hurricane. One domino falls, and suddenly we’re all scrambling. For IoT vendors, resilience isn’t just nice to have – it’s do or die.

You need to be building systems that can take a punch and keep on ticking. Think redundancy, failover mechanisms, and spreading your infrastructure across the globe like you’re planning for the apocalypse. Because in our world, every day could be doomsday for your devices.

 2. Data Recovery: Your Get-Out-of-Jail-Free Card

When the data center lights (and flights) went out, a lot of folks found themselves up the creek without a paddle – or their data. IoT vendors, take heed: your backup and recovery game needs to be top-notch. We’re talking bulletproof backups and recovery processes that you could run in your sleep.

And don’t just set it and forget it. Test those recovery processes like you’re prepping for the Olympics. Because when the big one hits, you don’t want to be caught with your data flows down.

 3. Updates: Handle with Extreme Caution

Here’s a plot twist for you: the very thing meant to protect us – a security update – was what kicked off this whole mess. It’s like locking your door and realizing you’ve handed the key to a burglar.

IoT vendors, you need to treat every update like it’s potentially toxic. Rigorous testing, staged rollouts, and the ability to hit the “undo” button faster than you can say “oops” – these aren’t just good practices, they’re your survival kit.

 4. Know Thy Dependencies (and Their Dependencies)

In this tangled web we weave, you might think you’re an island, but surprise! You’re probably more connected than Kevin Bacon. The CrowdStrike/Microsoft fiasco showed us that even if you weren’t directly using their services, you might still end up as collateral damage.

So, IoT vendors, it’s time to play detective. Map out every single dependency in your tech stack, and then map their dependencies. And for the love of all things cyber, diversify! A multi-vendor approach might give you a headache now, but it’ll be a lifesaver when the next big outage hits.

 5. Incident Response: Time to Get Real

If your incident response plan is collecting dust on a shelf (or worse, is just a figment of your imagination), wake up and smell the coffee! This outage caught a lot of folks with their guards down, and it wasn’t pretty.

You need to be running drills like it’s the end of the world. Simulate failures, practice your response, and then do it all over again. Because when the real deal hits, you want your team moving like a well-oiled machine, not like headless chickens.

 The Bottom Line

Look, in our hyper-connected IoT world, massive outages aren’t a matter of if, but when. It’s time to stop crossing our fingers and hoping for the best. Resilience, recovery, and rock-solid response capabilities – these are the tools that will separate the IoT winners from the losers in the long run.

So, IoT vendors, consider this your wake-up call. Are you ready to step up your game, or are you going to be the next cautionary tale? The choice is yours.

Need help building an industry-leading IoT information security program? Our vCISOs have the knowledge, experience, and wisdom to help you, no matter your starting poing. Drop us a line at info@microsolved.com for a no hassle discussion and use cases. 

 

 

* AI tools were used as a research assistant for this content.

SilentTiger Targeted Threat Intelligence Update

Just a quick update on SilentTiger™, our passive security assessment and intelligence engine. 

We have released a new version of the platform to our internal team, and this new version automatically builds the SilentTiger configuration for our analysts. That means that clients using our SilentTiger offering will no longer have to provide any more information than the list of domain names to engage the process. 

This update also now includes a host inventory mechanism, and a new data point – who runs the IP addresses identified. This is very useful for finding out the cloud providers that a given set of targets are using and makes it much easier to find industry clusters of service providers that could be a risk to the supply chain.

For more information about using SilentTiger to perform ongoing assessments for your organization, your M&A prospects, your supply chain or as a form of industry intelligence, simply get in touch. Clients ranging from global to SMB and across a wide variety of industries are already taking advantage of the capability. Give us 20 minutes, and we’ll be happy to explain! 

Reminder: Upgrade HoneyPoint Console to 3.52

Just a quick reminder to all HoneyPoint Security Server users that Console 3.52 is now available on the distribution site. Access information for the distribution site is in the Quick Start Guide that you received when you first downloaded the product.

This new version of the Console component includes speed improvements, bug fixes and .DLL upgrades of some of the underlying modules.

Contact your account executive or technical support if you would like more information.

QuickTime 7.4 is available

The hits just keep coming! Apple has released another version of Quicktime this time around multiple vulnerabilities that may allow arbitrary code execution have been addressed. These include:

    An unspecified handling error in the processing of Sorenson 3 video files.

    An error in the processing of embedded Macintosh Resource records within QuickTime movies.

    Parsing errors of malformed Image Descriptor (IDSC) atoms.

    A boundary error in the processing of compressed PICT images.

We recommend that everyone upgrade to QuickTime 7.4
See Apple’s full advisory at:
http://docs.info.apple.com/article.html?artnum=307301