Germany's Federal Office for Information Security (BSI) says one in ten organizations in the country affected by CrowdStrike's outage in July are dropping their current vendor's products.
Four percent of organizations have already abandoned their existing solutions, while a further 6 percent plan to do so in the near future. It wasn't explicitly said whether this referred to CrowdStrike's Falcon product specifically or was a knee-jerk reaction to security vendors generally.
One in five will also change the selection criteria when it comes to reviewing which security vendor gets their business.
The whole fiasco doesn't seem to have hurt the company much though, at least not yet.
The findings come from a report examining the experiences of 311 affected organizations in Germany, published today. Of those affected in one way or another, most said they first heard about the issues from social media (23 percent) rather than CrowdStrike itself (22 percent).
The report also revealed that half of the 311 surveyed orgs had to halt operations – 48 percent experienced temporary downtime. Ten hours, on average.
Aside from the obvious business continuity impacts, this led to various issues with customers too. Forty percent said their collaboration with customers was damaged because they couldn't provide their usual services, while more than one in ten organizations didn't even want to address the topic.
The majority of respondents (66 percent) said they will improve their incident response plans in light of what happened, or have done so already, despite largely considering events like these as unavoidable.
"There will never be a 100 percent protection against IT security incidents in the future. Nevertheless, we aim to get as close to 100 percent as possible," said Claudia Plattner, BSI president.
"To achieve this, the BSI is in close collaboration with CrowdStrike, Microsoft, and other software manufacturers to improve the quality of their software and software updates. Additionally, companies must and can increase their resilience through preventive measures, making them more resistant to IT security incidents.
- Post-CrowdStrike catastrophe, Microsoft figures moving antivirus out of Windows kernel mode is a good idea
- CrowdStrike hopes legal threats will fade as time passes since it broke the world
- House to grill CrowdStrike exec on epic IT meltdown... no, not the CEO
- CrowdStrike's meltdown didn't dent its market dominance … yet
"It is important to give users the greatest possible control over update processes. Furthermore, the survey results also show that well-practiced IT emergency concepts must be an important component of any crisis preparedness."
One curiosity of the report was the focus on CrowdStrike customers' attitude towards applying security updates post-breakdown.
More than half said they want to install updates more regularly, despite the speed at which updates are applied not being a relevant factor in this case.
CrowdStrike pushed its faulty Falcon sensor update, in the form of a channel file, via an automatic cloud update. Even if the update was applied manually, doing so at rapid speed – before seeing how it affected other users – would have been worse for the organization, not better.
Regardless, with the number of urgent patch warnings we and the infosec community dish out every week, it's probably a net positive, even if it's slightly misguided.
The BSI was quick to say this survey isn't representative of the entire country, given the sample size, "but it does provide a meaningful picture of the mood for affected companies in Germany."
Ralf Wintergerst, president at Bitkom, which carried out the research, said: "The IT outages and their consequences demonstrate the outstanding importance of digital technologies for our economy and society. This time it ended relatively harmlessly, also thanks to the joint efforts of businesses and authorities, with the support of CrowdStrike and Microsoft. However, it must serve as a warning for us.
"We urgently need to further improve our cybersecurity and require corresponding in-house expertise in companies and authorities – only in this way can we better protect ourselves against unintended outages or targeted attacks and become more digitally sovereign."
The July outage impacted organizations in multiple industries across the world from healthcare to transport, bricking 8.5 million PCs.
The US House Homeland Security Committee is set to grill an exec over the debacle next week... although CEO George Kurtz will not be the one providing public testimony. ®