CyberCube - Experts & Thought Leaders

Latest CyberCube news & announcements

CyberCube SPoF intelligence on CrowdStrike Falcon outage

The faulty CrowdStrike Falcon Sensor update and subsequent outage – the CrowdOut Event – underscore the potential for Single Point of Failure (SPoF) technology outages to impact the global digital economy. CyberCube is advising clients on how to use SPoF Intelligence to identify exposed insureds and estimate the exposure footprint of the event. SPoF Intelligence is the definitive source for analysing a portfolio's digital supply chain, integrated with the industry's pioneering cyber model.

What happened?

A global IT system outage was triggered by a faulty software update from CrowdStrike, causing widespread disruptions across various Windows operating system (OS) types. The issue originated from a defective kernel driver included in the update, which led to numerous systems crashing globally and displaying the “Blue Screen of Death” (BSoD).

The issue began with a CrowdStrike update that was intended to enhance security but inadvertently included a logic error in a configuration file. Invalid operations caused by the logic error led to the OS encountering conditions it cannot resolve. This resulted in system crashes, manifesting as the BSoD. The BSoD is a protective measure to prevent further damage to the OS by stopping all operations.

Who is impacted?

The faulty update affects companies using CrowdStrike’s Falcon software on machines running Windows OS, both desktop (including Windows 10 and 11) and Windows Server. These are the primary companies affected by the event. With its global position in cybersecurity, CrowdStrike’s own customer base includes many other organisations that CyberCube identifies as SPoFs. Companies relying on one of these SPoFs may be secondary victims of the event, even if they do not use CrowdStrike and Windows directly.
Additionally, CrowdStrike Falcon is deployed by managed security service providers (MSSPs) on the networks of other – typically smaller – organisations they oversee. The organisations using such MSSPs are also secondary victims of the event. Notably, financial institutions, healthcare providers, and transportation networks have all experienced disruptions.

CrowdStrike Falcon and Windows OS

Applying the SPoF Intelligence tool to search for insureds that are dependent on CrowdStrike Falcon shows it is likely that all users of the core components of the CrowdStrike Falcon platform in conjunction with Windows OS are impacted. Analysis of the count of companies exposed across CyberCube’s US Industry Exposure Database (IED) identifies large companies in Manufacturing, IT, Healthcare, and Financials as the most likely to be exposed. Examination of exposed limits shows an outsize exposure in the Aviation, Banking, and Retail sectors. CyberCube has provided clients with a list of SPoFs that are dependent both on CrowdStrike Falcon and Windows OS.

The outage affects various versions of Windows operating systems. This broad scope means that any organisation or individual using these operating systems alongside CrowdStrike Falcon is at risk of experiencing system crashes and operational disruptions.

Catastrophic loss modelling

The primary impacts of the CrowdOut Event closely resemble two scenarios in CyberCube’s Portfolio Manager aggregation model. Modelling scenario classes 41 (operating system disruptions on endpoints) and 42 (operating system disruptions on servers) within CyberCube’s event catalogue show the CrowdOut Event to be mainly a system failure or business interruption (BI) event.
Customers may experience secondary impacts by way of additional SPoFs that fall within this primary footprint. SPoFs for scenario classes 4, 9, 10, 11, and 18 (mainly related to financial services and payment system technologies) have been observed as users of CrowdStrike and Windows operating systems, exposing companies that rely on these SPoFs to possible contingent business interruption (CBI) outages.

What to expect?

Affected organisations can expect a series of remediation and recovery efforts to take place immediately. Companies with the IT resources to handle large-scale incidents are expected to recover faster. There may be ongoing disruptions as companies implement patches and verify their systems' stability.

Rolling back the update and applying patches requires specialised knowledge. For small and medium-sized companies, a lack of access to IT staff could delay the remediation process. Companies lacking robust contingency or IT backup plans could also face additional disruptions.

CyberCube support

CyberCube's Cyber Aggregation Event Response Service (CAERS) has been activated as a result of the CrowdStrike event. CAERS provides up-to-date intelligence on major cyber catastrophes worldwide as they unfold to ensure CyberCube clients have the most relevant information. CyberCube will continue to monitor this developing event and provide support for customers in calculating the impact on their own cyber insurance portfolios.

Commvault appoints Darren Thomson as new Field Chief Technology Officer (CTO) to build on new cyber resilience offerings

Commvault®, a major provider of cyber resilience and data protection solutions for hybrid cloud organisations, has announced the appointment of Darren Thomson as its new Field Chief Technology Officer, EMEA & India (EMEAI). This appointment adds to the company’s expert team of Field CTOs, which builds on Commvault’s new cyber resilience offerings, shaping a new era of data protection and delivering industry-renowned threat detection and rapid recovery capabilities.

Extensive industry experience

Darren Thomson brings over 30 years of experience in the technology industry to this role, with broad technical and leadership skills and business acumen, as well as extensive experience in managing global teams and projects in high-growth environments. Thomson joins Commvault after pioneering the product marketing organisation at identity and access management company One Identity. Before this, he helped shape the cyber insurance industry through his work at CyberCube and Lloyd's of London, after spending many years gaining experience at both Symantec and Veritas in senior executive roles.

Data protection

“I am incredibly excited to join a company that is truly redefining modern data protection and putting cyber resilience first,” said Darren Thomson, adding, “The recent unification of the Commvault Cloud platform powered by Metallic AI allows us to not only meet customer needs but to truly exceed them.” He continues, “Commvault is doing what no other data protection vendor is right now, so I’m keen to work with the teams globally, and in EMEA and India in particular, to drive this conversation forward.”

Cyber resilience platform

“We are thrilled to have Darren as part of the EMEAI team and his extensive experience will be extremely valuable in our continued success in this region,” said Richard Gadd, Senior Vice President & General Manager of EMEAI.
Richard Gadd adds, “This is an exciting time for Commvault, our partners, and our customers as we provide the industry’s best data security through the only cyber resilience platform on the market. With these never-seen-before offerings, we are focused on continuing to drive real growth and innovation in the EMEAI market, with Darren playing a key part in sharing our story.”

CyberCube highlights areas of focus for the cyber insurance and broking community

Nation-state cyber threat actors are expected to acquire and flex new offensive cyber capabilities in an increasingly polarised world, warns pioneering cyber risk analytics specialist CyberCube. In a newly published report, CyberCube anticipates there will be further attempts to compromise IT supply chains and geopolitical targets such as government agencies and non-government organisations. Chinese threat actors are expected to engage in zero-day exploitation and disclosure, and a heightened level of nation-state targeting of critical infrastructure targets worldwide is anticipated.

CyberCube’s Exposure Database

The research “CyberCube’s Global Threat Briefing: Update on cyber threat actor activity and expectations” identifies areas that the (re)insurance and broking community need to focus on. Utilising CyberCube’s Exposure Databases, which enable (re)insurers and brokers to perform a wide array of benchmarking, sensitivity, and real-time analyses for cyber risks, it warns that healthcare, arts & entertainment, and manufacturing are sectors demonstrating high exposure and low security scores. In particular, healthcare remains under-secured relative to its inherent exposure and more attacks are expected in 2023.

The report examines criminal cyber threat activity and predicts the overall volume of ransomware and extortion attacks in the first six months of 2023 is likely to be on par with 2022. It also states there will be increased targeting of critical civilian infrastructure in Ukraine.

Quotes from principal and head

William Altman, report author and Cyber Threat Intelligence Principal, said: “As Russia faces mounting losses, attacks on critical Ukrainian civilian infrastructure could intensify. This includes attacks on public and local authorities. Cyber security will be critical to defending civilian life, including in the energy, financial, communications, and vital software sectors in Ukraine.”

Yvette Essen, CyberCube Head of Content, said: “Despite rising costs, most cyber insurance buyers are trying to maintain or increase their current level of cyber insurance coverage. Today, this trend has caused some strain in a market that continues to be characterised by limited capacity and increased demand. Nevertheless, the cyber (re)insurance market is showing signs of stabilisation.”
