Kyocera Cyber’s proactive response supports impact for their CrowdStrike customers.

Andrew Smith - Chief Information and Security Officer | Kyocera MCL

Andrew Smith

Chief Information & Strategy Officer

Kyocera Document Solutions UK

2024 - Black swan events – like the recent CrowdStrike incident on Friday 19th July 2024 – are unusual and very unpleasant.

Regardless of their uncommon nature, it is vital for Managed Security Service Providers like Kyocera Cyber to consider our resiliency, response and approach in their wake.

The CrowdStrike incident was widespread across their global platforms and had a significant impact on the global IT services of many companies. Windows hosts running a “Falcon” agent version greater than 7.11 were affected; the cause was a faulty content configuration update released to agents. This was not a cyber-attack, and CrowdStrike’s platforms were fully operational during this incident.

In this blog I explain our approach, the actions we took to get those customers protected by Kyocera Cyber up and running as soon as possible, and how we are now following up to make our systems and processes more robust.

Early endpoint recovery

Whilst a number of our CrowdStrike customers were affected, we were able to ensure continuity to their IT operations with minimum impact.

“Kyocera Cyber” was actively monitoring and was alerted to the issues within minutes of the problem occurring.

Our 24×7 Kyocera Cyber team took action as soon as it understood this was a global issue, found a workaround prior to CrowdStrike’s formal update, and started to recover endpoints.

Through this diligence I am pleased to report all systems and customers were back online within 4 hours of the initial faulty update deployment.

As details from CrowdStrike emerged, we adapted and adjusted our workarounds and actions to ensure full alignment with their recommendations.

Alleviating impact

Several customers of Kyocera Cyber services, including Kyocera M-EDR, were affected by the CrowdStrike incident.

The quality and speed of our service delivery is of paramount importance to us. I have already extended my personal apologies for the impact the CrowdStrike incident has had on our customers’ business and operations and assured them that we take any such incident to their organisation with the utmost seriousness.

  • We prioritised customer systems to ensure as swift a recovery as possible, leading vendor workaround and remediation guidance.
  • We put our customers’ systems first – our own systems had limited impact, but where required were recovered subsequent to our customers’ systems, keeping service delivery to our customers at the forefront.
  • We immediately adopted major incident communication, and customers saw updates every 30 minutes from our Cyber teams.

 

More specifically, we adopted some specific actions during this incident, demonstrating that we are not averse to changing policies to adapt to prevailing circumstances to provide the best value to our customers.

  • We changed our N-1 agent policy to allow earlier versions of the agent.
  • We enabled advanced quarantine of elected files.
  • We enabled advanced configuration access to elected workloads.

These actions remain in place. We will be reviewing our policies and advanced configuration as further information on the incident emerges.  

Moving forward

We will continue to partner with CrowdStrike. They are a recognised leader in modern endpoint security, and we believe their technology is best placed to serve our customers against today’s adversaries and malicious actors, especially when coupled with our multi-signal M-EDR and other security solutions. We regularly engage with the CrowdStrike Exec team, which empowers us to fully understand their actions and remediation plans to prevent such a recurrence.

As a multi-signal, multi-tool provider, Kyocera Cyber will be working with its customers to review their business continuity plans as well as any individual learnings we can deploy to further support our customers.

The Kyocera Cyber team will also be supporting our Internal Systems and Infrastructure teams to review resiliency and business continuity and the overall impact of this incident. We commit, where required, to make changes to ensure any such event has minimal impact on our customers and their service.

Kyocera Cyber

We continue to learn from such events and move forward shoulder to shoulder in our unwavering efforts to protect our customers with the services we deliver.

 

How can Kyocera Cyber support your business?

If you have been affected by the recent CrowdStrike incident and want to find out how Kyocera Cyber can better support your business, then reach out to our Cyber Team.

Does your business have a Disaster Recovery Plan?

Many smaller businesses put themselves at risk by not having a tested disaster recovery plan in place – discover how you can better protect your business by having a Cyber Assessment.