The European Cyber Security Organisation (ECSO), in collaboration with the ECSO CISO Community, hosted a webinar on 26 July 2024, discussing the recent CrowdStrike outage. Key topics covered by our experts included rapid incident response, challenges of misinformation, and the impact of the Cyber Resilience Act on software security practices. The event underscored ECSO’s commitment to advancing cybersecurity resilience through informative sessions and future discussions on recovery strategies.

The European Cyber Security Organisation (ECSO) hosted a highly anticipated webinar titled “CrowdStrike Incident Post-Mortem: Insights and Lessons Learned” on Friday, 26 July 2024. This event, organised in partnership with experts from ECSO’s CISO Community, saw an outstanding turnout of over 300 participants, including prominent cybersecurity professionals and industry leaders. The key speakers, all Members of the ECSO CISO Community, included Olivier Caleff (CISO, Erium), George Papakyriakopoulos (CISO, Skroutz), Christoph Kornfeld (CISO, Mondi Group), Peter Massini (Head of Detection & Response, Siemens Energy), and Mariano Benito (CISO, GMV). The invitation was extended to all ECSO Members.

The central theme of the webinar was the recent CrowdStrike incident, one of the largest outages in cyber history, caused by a faulty update to CrowdStrike’s security software. The event offered a detailed report, covering its timeline, root cause, the rapid response and rollback, and the spread of misinformation. Experts highlighted the need for better communication and risk management by security vendors, advocated for a shared responsibility model with user control over updates, and discussed how the Cyber Resilience Act (CRA) could have driven proactive improvements in software security once enforced. They also explored the distinction between safety and security incidents, stressed the importance of rigorous certification for third-party software accessing systems’ kernel, and addressed the future of security programs, focusing on recovery strategies and thorough disaster recovery testing. The webinar was well-received, with active participation and extensive engagement from all attendees.

ECSO is committed to its mission of advancing the European cybersecurity community. It aims at providing valuable and informative sessions for its Members, in a continuous effort towards enhancing cybersecurity resilience and preparedness. Future sessions are planned to delve deeper into recovery strategies and lessons learned, offering ongoing support and education to all our ECSO Members.

The ECSO CISO Community

ECSO’s CISO Community is a place for information security leaders to exchange information, good practices, threat intelligence and to develop common positions of practitioners in cybersecurity. CISOs already cooperate on a national, regional and sectoral level but often struggle to find peers from the other European countries. ECSO’s role is of a neutral intermediary that will help in conveying unified voice of practitioners towards other stakeholders in cybersecurity.

Launched in April 2022, ECSO’s CISO Community currently hosts 500+ CISOs from 29 European countries. Daily discussions are being held on topics that are of general interest to CISOs coming from variety of backgrounds and different countries.

More information: ECSO’s CISO Community – ECSO (ecs-org.eu)