Fri, Aug 2 2024 10:18 AM EDT
As organizations scramble to patch vulnerabilities caused by CrowdStrike’s massive IT outage on July 19, hackers are exploiting the situation by impersonating CrowdStrike in phishing campaigns, posing as legitimate support sources for affected businesses to gain unauthorized access to corporate networks.
“When your system is down, it creates the best opportunity for hackers to compromise your data,” said Javad Abed, assistant professor of information systems at Johns Hopkins Carey Business School. “That’s why multiple layers of security are crucial. Redundancy is key. You need to assume 100% that threats will happen and build your security around zero trust.”
The CrowdStrike incident — which disrupted health care, airlines and financial services, among others, and cost Delta Air Lines alone an estimated $500 million — is a stark reminder that despite the advanced capabilities of leading cybersecurity firms, vulnerabilities can and do occur, prompting an urgent reassessment of current defenses, especially in regulated industries where the stakes are exceptionally high and the threats ever evolving.
This brings a crucial question to the forefront: In an era where cyber threats are becoming increasingly sophisticated and relentless, are regulated industries doing enough to elevate their cybersecurity standards?
