Changes as a Result of the Recent CrowdStrike Incident

August 02, 2024

The recent CrowdStrike incident, which involved a faulty software update causing widespread IT outages, has highlighted several key areas where companies should reassess and strengthen their cybersecurity posture. Here are some recommended changes based on the incident:

  1. Enhanced Risk Assessments and Gap Analyses:

    • Perform comprehensive risk assessments to identify potential vulnerabilities in your systems, especially those related to third-party software and updates.

    • Conduct gap analyses to pinpoint shortcomings in disaster recovery, monitoring, and oversight practices.

  2. Incident Response and Escalation Processes:

    • Develop and operationalize robust incident response and escalation processes to handle both malicious attacks and non-malicious disruptions like coding errors.

    • Ensure these processes enable prompt and defensible materiality analysis to determine the impact of incidents.

  3. Third-Party Software Management:

    • Implement stricter controls and oversight for third-party software updates. This includes testing updates in a controlled environment before full deployment.

    • Establish clear protocols for rolling back updates if issues are detected.

  4. Regulatory Compliance and Reporting:

    • Ensure compliance with SEC reporting requirements, including assessing whether incidents are material and require disclosure under Form 8-K.

    • Update risk factors and other disclosures to reflect dependencies on third-party software and potential impacts of system downtimes.

  5. Internal Controls and Procedures:

    • Evaluate and refine internal controls and disclosure controls to address potential impacts from both cybersecurity threats and operational disruptions.

    • Ensure that policies, procedures, and plans are in place to manage and mitigate risks from software updates and other IT issues.

  6. Communication and Transparency:

    • Be mindful of Regulation FD when communicating with analysts and investors about the impact of incidents. Ensure that any disclosures are made in a compliant manner.

    • Consider providing voluntary disclosures for non-material incidents to maintain transparency and build trust with stakeholders.

  7. Cyber-Resilience and Business Continuity:

    • Strengthen cyber-resilience by ensuring that business continuity plans are robust and can handle both cyber-attacks and operational disruptions.

    • Regularly test and update these plans to ensure they remain effective in the face of evolving threats.
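The staged testing and rollback described in item 3 can be enforced as a deployment gate. The sketch below is an added example, not code from the original post: it updates one ring of hosts at a time and restores every updated host if a ring fails its health check. The ring names, host names, versions and the health probe are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

@dataclass
class Host:
    name: str
    version: str        # version currently running
    previous: str = ""  # last known-good version, kept for rollback

@dataclass
class RolloutResult:
    completed: bool
    halted_at: Optional[str] = None  # ring where the health gate failed
    rolled_back: List[str] = field(default_factory=list)

def staged_rollout(rings: List[Tuple[str, List[Host]]], new_version: str,
                   is_healthy: Callable[[Host], bool],
                   max_failure_rate: float = 0.0) -> RolloutResult:
    """Update one ring at a time; if a ring fails its health gate,
    restore every host updated so far and stop before the next ring."""
    updated: List[Host] = []
    for ring_name, hosts in rings:
        for host in hosts:
            host.previous, host.version = host.version, new_version
            updated.append(host)
        failures = sum(1 for h in hosts if not is_healthy(h))
        if hosts and failures / len(hosts) > max_failure_rate:
            for h in updated:
                h.version = h.previous
            return RolloutResult(False, ring_name, [h.name for h in updated])
    return RolloutResult(True)

def sample_fleet() -> List[Tuple[str, List[Host]]]:
    # Constructed fleet: ring names, host names and versions are made up.
    return [
        ("lab", [Host("lab-a1", "1.0"), Host("lab-a2", "1.0")]),
        ("canary", [Host("can-a1", "1.0"), Host("can-b1", "1.0")]),
        ("production", [Host(f"prod-{i}", "1.0") for i in range(4)]),
    ]

def crashes_on_b_hosts(host: Host) -> bool:
    # Constructed probe: version 1.1 fails only on "-b" hosts, which the lab lacks.
    return not (host.version == "1.1" and "-b" in host.name)

if __name__ == "__main__":
    fleet = sample_fleet()
    print(staged_rollout(fleet, "1.1", crashes_on_b_hosts))
    print([h.version for h in fleet[2][1]])  # production was never touched
```

In this sample the lab ring passes because it does not contain the host type that fails, so the canary ring is what stops the update before production; a test environment only protects the fleet to the extent it resembles it.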

By implementing these changes, companies can better prepare for and mitigate the impacts of similar incidents in the future, ensuring a more resilient and secure cybersecurity posture.

© Copyright 2023. Optimal Outcomes. All rights reserved.