How CrowdStrike’s Faulty Update Became a Worldwide Wake-Up Call

Imagine this: You’re having a peaceful day working at a global cybersecurity outfit. It’s Friday, after all, and the weekend is only a few hours away. Then, complaints start coming in from your partner businesses that important systems at airports, hospitals, and media outlets are down…and the complaints keep coming in. Suddenly, bam! That new update your company pushed this morning seems to be the cause of systems going down across the United States and in other countries.

This scenario recently played out on July 19, 2024 with CrowdStrike’s faulty update. According to Reuters, it is not clear how faulty code made its way into the update or why it wasn’t detected before release: “Ideally, this would have been rolled out to a limited pool first. This is a safer approach to avoid a big mess like this,” said John Hammond, principal security researcher at Huntress Labs. To CrowdStrike’s credit, their crisis communications were relatively fast and calming. CEO George Kurtz appeared on the Today Show and presented a calm and measured apology. “It is a high probability that the quick action and public notification saved the company in the medium term,” said Mark Blackham, Director of Blackland Public Relations. However, without proper crisis management training, situations like this can quickly escalate from “manageable chaos” to “total meltdown.”

Lightning strike across blue stormy sky. Text under image reads: "Prepare for storms so when they strike, you can rally your crew with level-headed guidance focused on solutions. Anxiety is contagious as a leader, so project thoughtful confidence paired with a clear direction of the path ahead." Jason Smith, CEO, Contentellect"

The Horrors of Skipping Crisis Management Training

Without crisis management training, you might as well invite chaos for a sleepover. Here are some real-life horror stories (with a pinch of humor) of what can happen when businesses are unprepared:

The PR Apocalypse

A major airline faced a public relations disaster when they dragged a passenger off an overbooked flight. The lack of a crisis management plan turned a tough situation into a global scandal, making them the punchline of late-night talk shows.

The Data Breach Debacle

A well-known retailer experienced a massive data breach but had no crisis plan in place. Their slow and poorly coordinated response led to a loss of customer trust and a significant drop in stock prices. It was like watching a slow-motion train wreck, only with more angry tweets.

The Customer Service Catastrophe

A tech company had a major product launch fail spectacularly. Without a crisis management plan, their customer service was overwhelmed, leading to long wait times and frustrated customers. It was like trying to put out a fire with a garden hose – ineffective and messy.

An old style microphone with no one next to it. Text under image reads: "A saying we heard a lot in law school was 'No response IS a response.' This means that a lack of response provides an opportunity for the public to fill in the blanks. This can result in exaggerations, conjecture, and assumptions that can be harmful to your business or your client." —Mark Pierce, senior attorney, LLC Attorney"

Why Crisis Management Training is Your Business’s Best Friend

Crisis management training is like a superhero suit for your business. It prepares you to handle unexpected disasters with the grace of a swan (or at least, the effectiveness of a well-oiled machine). Here’s why it’s crucial:

  • Reduces panic and confusion. When a crisis hits, the last thing you need is everyone running around like headless chickens. Training helps create a structured response plan so everyone knows their role.
  • Minimizes damage. A swift, effective response can prevent a minor problem from snowballing into a catastrophic event. Think of it as putting out a campfire before it becomes a forest fire.
  • Protects reputation. In the age of social media, news of mishandled crises spreads faster than you can say “PR nightmare.” Proper training ensures your team can address issues promptly and professionally, protecting your brand’s reputation.
  • Ensures compliance. Many industries have regulatory requirements for crisis management. Training ensures you’re not just prepared but also compliant with industry standards and legal requirements.

Broken turquoise plate on grey floor. Text under image reads: "Always be honest and transparent. It's easy to make mistakes, but it's harder to recover from them if you try to cover it up or lie about what happened. People appreciate honesty, and they'll respect you for being willing to admit your mistakes." —Gauri Manglik, CEO and Cofounder, Instrumentl "

2024 Crisis Management Trends

Hyperconnectivity in the Information Age means that news, accurate or otherwise, moves incredibly fast over social media and on 24/7 news stations. Business leaders must be prepared for rapid misinformation to spread.

  • Global politics and climate change threaten disruption, supply chain problems, and natural disasters. Preemptive planning and scenario-building are key to tackling these challenges.
  • Cybersecurity concerns play a significant role in crisis management, as cyberattacks continue to evolve, requiring constantly improving data security measures and incident response plans. To address these concerns quickly, crisis communications must be authentic and accurate.
  • The rise of technology also offers opportunities to use artificial intelligence (AI) and machine learning (ML) for predictive analytics, real-time monitoring, and automated response mechanisms. At the same time, keeping ethical considerations and responsible implementation is vital.

A group of people on their cell phones standing in front of a big window. Text under image reads: “In a world where social media and ‘fake news’ often distort the truth and skew facts, it’s more important than ever to tell your own stories and make sure the information you share is accurate.” -Evan Nierman, Founder and CEO, Red Banyan "

2024 Best Practices for Crisis Management Training

As much as we’d like, we do not know when a cyberattack or some other crisis will occur. However, there are best practices we can follow to tackle such situations.

  • Proactive planning is your first defense against an incident becoming a full-blown crisis. The world is constantly changing, and so should your crisis management plan. Don’t create a plan and then leave it sitting on a shelf; regularly review and update it to address new threats and incorporate lessons learned from past experiences. Your comprehensive plan should cover all potential scenarios – from natural disasters to cyber-attacks. Include clear roles, communication strategies, and step-by-step procedures. Leadership must be skilled with data-informed decisions, identifying potential risks, prioritizing responses, and measuring the effectiveness of crisis management efforts. Consistently conduct simulations and other exercises to test preparedness.
  • Create a crisis response team responsible for managing crises. This team should be well-trained, calm under pressure, and ready to spring into action at a moment’s notice. They’re your frontline warriors in the battle against chaos. Your team must be agile and adaptable, prepared to adjust responses as the situation changes and evolves, remaining open to the latest information and feedback.
  • Transparency and authenticity are vital to effective crisis management. Communicate openly and honestly with stakeholders – employees, board, the press, the public – during a crisis. Acknowledge mistakes and take responsibility. Employ empathy and inclusivity when considering the various perspectives of the individuals most affected by the crisis.
  • Invest in crisis communications as part of your overall management plan. Train your team in communication skills and crisis management, and give them access to real-time data dashboards. Training isn’t a one-and-done deal. Regular drills and refresher courses keep the team sharp and prepared. Think of it as a workout for your crisis muscles. Conduct realistic simulations to test your team’s response. Make sure to throw in a few curveballs to see how they manage unexpected challenges. It’s like a dress rehearsal, but with more drama. Ensure everyone knows who to contact and how to communicate during a crisis. Use multiple channels – email, phone, messaging apps – to ensure no one is left in the dark. Remember, communication is key, especially when things go sideways.
  • Don’t forget mental health support. Businesses often leave out this aspect of crisis management, but your employees and others may be negatively impacted psychologically by a crisis. Addressing employee wellbeing during or after a crisis is vital, but an even better approach involves anticipatory measures before any crisis occurs. Ensure mental health support is part of your crisis management plan. During a crisis, timely and transparent communication is key. Clearly outline the steps the company is taking to support employees, including any changes in work arrangements, access to resources, and updates on the situation. Such communication helps alleviate anxiety and builds trust among employees.

Person in the woods with two paths in front of them: one is bright, one is dark. Text under image reads: "In any moment of decision, the best thing you can do is the right thing, the next best thing is the wrong thing, and the worst thing you can do is nothing." Theodore Roosevelt, 26th President of the United States "

Embrace the Chaos, But Be Prepared

Crisis management training is like an insurance policy for your business – you hope you never need it, but you’ll be grateful to have it when disaster strikes. Andrew Sullivan, CEO of Internet Society, remarked, “The important part is how we learn from [crises] and how we improve the resilience of our systems, so that similar issues do not happen again.” By preparing your team to cope with crises effectively, you can minimize damage, protect your reputation, and navigate through turbulent times with confidence. So, invest in crisis management training today. Because when the universe throws a tantrum, you want to be the calm, collected hero who saves the day – not the one running around with their hair on fire.

Related Blogs

The Critical Role of Policies and Procedures in Thriving Companies  

Business Communication: The Lifeblook of Organizational Success  

Solving Problems Strategically: Using a SWOT Analysis 

 

Resources

Blackham, Mark. “Crowdstrike did good crisis comms.” LinkedIn. 7/21/24. Accessed 7/23/24. https://www.linkedin.com/pulse/crowdstrike-did-good-crisis-comms-mark-blackham-zfv5c/

Bray, Mandy. “20 Crisis Management Quotes Every PR Team Should Live By.” HubSpot. 7/28/24. Accessed 7/23/24. https://blog.hubspot.com/service/crisis-management-quotes

Goh, Moh Heng. “[CM] Crisis Management Trends & Best Practices for 2024.” BCM Institute. 2/13/24. Accessed 7/23/24. https://blog.bcm-institute.org/crisis-management/cm-crisis-management-trends-best-practices-for-2024

Harper, Lydia. “Strategies for Employee Wellbeing in Crisis Management.” Bryghtpath. 11/28/23. Accessed 7/23/24. https://bryghtpath.com/strategies-for-employee-wellbeing-in-crisis-management/

“Highlights from the global tech outage: Airlines, businesses and border crossings hit by global tech disruption.” Associated Press. 7/19/24. Accessed 7/23/24. https://apnews.com/live/internet-global-outage-crowdstrike-microsoft-downtime

Segal, Edward. “Less Than Half Of Surveyed U.S. Companies Have A Formal Crisis Communication Plan: Report.” Forbes. 2/25/23. Accessed 7/23/24. https://www.forbes.com/sites/edwardsegal/2023/02/23/less-than-half-of-surveyed-us-companies-have-a-formal-crisis-communications-plan-report/ 

Siddiqui, Zeba. “CrowdStrike update that caused global outage likely skipped checks, experts say.” Reuters. 7/22/24. Accessed 7/23/24. https://www.reuters.com/technology/cybersecurity/crowdstrike-update-that-caused-global-outage-likely-skipped-checks-experts-say-2024-07-20/