
MSP Update: Legal Experts Weigh in on CrowdStrike Liability

  • CrowdStrike Outage: Legal Experts Weigh in on Liability Implications
  • Even Cybersecurity Pros Aren’t Immune to Shadow IT Threats
  • CompTIA Security VP Selk Talks MSP Response Amid CrowdStrike IT Outage
  • MSP Talks About the Importance of Empathy Amid CrowdStrike Crisis

Every MSP is involved in cybersecurity, or should be involved in cybersecurity. But the world of managed services involves many other technologies, tools, and trends as well. With that in mind, each week MSSP Alert brings you the top headlines from our affiliate site ChannelE2E, which focuses on MSP tools, M&A, AI, and other topics of importance to service providers.

This week we’ve got a really important perspective on a top story – the CrowdStrike IT outage and the legal view of who will be held liable for what happened. How did this happen? That’s an important question, too. As we’ve seen this past week or two, not even the top cybersecurity companies are immune to a catastrophic event. So it shouldn’t come as a surprise that cybersecurity pros are some of the biggest offenders when it comes to using Shadow IT, which is by no means a best practice for strong security posture.

Finally, we’ve also got a couple of short videos for you. We interview CompTIA’s security lead Wayne Selk about the CrowdStrike outage. And MSP Robert Cioffi, one of the victims in the Kaseya ransomware attack, weighs in on the importance of empathy during a crisis like the CrowdStrike outage. We’re proud to bring you this coverage. Here’s this week’s wrap-up.

CrowdStrike Outage: Legal Experts Weigh in on Liability Implications

Post-CrowdStrike outage, we're now in what's called the "right of boom" phase -- figuring out how to recover, restore, rebuild and move toward continuous improvement. But even though we know this wasn't a cyberattack or a deliberate malicious act, there are many questions that remain unanswered, especially from a legal and liability perspective. The first of these involves calculating the costs and who will ultimately be responsible for paying.

Matthew Richardson, partner at legal firm Brown Rudnick, was himself stuck at Chicago's O'Hare airport Friday for about 11 hours due to the incident. There are still industries, including airlines, working to get back to business as usual, he added, and the full amount of the damage done may never be 'paid in full.'

"That was eight hours of my business time lost, and the place was filled with people. So, think about what the actual damages are; it's probably in the billions, and there's probably no way to cover that damage. There's certainly no way CrowdStrike could ever afford to pay that much," he said.

First, CrowdStrike must review their existing service agreements with customers, said David Derigiotis, president of brokerage and head of insurance, Flow Specialty. Pushing out a faulty code change, as happened here, would fall under errors and omissions (E&O), which is a type of liability insurance that covers claims against your business for mistakes you made or services you failed to provide. E&O insurance protects your business from claims by clients for negligence, malpractice, errors or omissions you allegedly made while providing a professional service.

Read the complete story here.

Even Cybersecurity Pros Aren’t Immune to Shadow IT Threats

The same individuals tasked with protecting organizations from security threats are frequently engaging in behavior that could compromise that security and result in data loss, lack of visibility and control and data breaches, according to new research.

Data security and data loss prevention solutions firm Next DLP surveyed more than 250 global security professionals at RSA Conference 2024 and Infosecurity Europe 2024 about Shadow IT. And, it turns out that despite being acutely aware of the associated risks, the majority (73%) of security professionals admitted they'd used unauthorized SaaS applications in the last year.

Furthermore, the research showed, one in ten of these professionals acknowledged that their organization had suffered a data breach or data loss as a direct result of using unauthorized tools, highlighting the real-world consequences of this widespread practice among security professionals.

But why?

Read the complete story here.

CompTIA Security VP Selk Talks MSP Response Amid CrowdStrike IT Outage

Channel partners including managed service providers and solutions providers play a central part in remediating IT issues at organizations large and small. So when a CrowdStrike update caused an IT outage across the world last week, it's not surprising that MSPs and other solution providers stepped up to help.

ChannelE2E spoke to Wayne Selk, CompTIA's VP for cybersecurity programs and executive director of the CompTIA ISAO, about his organization's response and how MSPs help each other in times of need.

See the video and read the complete transcript here.

MSP Talks About the Importance of Empathy Amid CrowdStrike Crisis

Progressive Computing CTO and cofounder Robert Cioffi is no stranger to dealing with a crisis. Three years ago, his firm and his firm's customers were hit by the Kaseya ransomware incident -- a security event that sent shockwaves across the managed services ecosystem.

We reached out to Cioffi to get his thoughts on MSPs and the industry in the wake of a different kind of crisis -- the CrowdStrike IT outage. Here's what Cioffi had to say.

See the video and read the complete transcript here.