Key Learnings from CrowdStrike Falcon Disruption

A Case Study in Crisis Communication

In partnership with

Dear reader,

Greetings from hot Portugal where it is around 40°C 🥵for the moment. (I was right to talk about heatwaves last week…)

In the meantime the CrowdStrike crisis1 happened and now that the dust has settled a bit I thought I would offer an analysis of the case.

Labeled as the “largest IT outage in history”, the software update gone wrong was responsible for major disruptions across different sectors:

  • Airlines faced significant disruptions in their systems, resulting in thousands of flight cancellations and delays, which affected both passenger travel and air cargo logistics.

  • Financial institutions experienced operational issues, impacting transactions and other banking services.

  • Healthcare facilities encountered disruptions that potentially affected patient care and administrative operations. Supermarkets and other retailers faced payment processing issues and delays in check-in systems.

  • Finally, numerous TV and radio stations experienced interruptions in broadcasts, affecting media operations.

Enjoy the article and le me know what you think.

Table of Contents

The crisis at a glance

On July 19, 2024, a software bug discovered in a content update of Windows hosts caused massive disruption for users of the CrowdStrike Falcon Platform, including system outages and operational challenges in companies and organisations worldwide.

Time and Date

Action taken

July 19, 2024, 04:09 UTC

CrowdStrike released a sensor configuration update for Windows systems. This update triggered a logic error, leading to system crashes and BSOD.

July 19, 2024, 05:27 UTC

CrowdStrike deployed a fix for the faulty update, reverting the problematic configuration.

July 19, 2024, 06:48 UTC

Google Compute Engine reported issues related to the update, following similar reports from Microsoft Azure earlier.

July 19, 2024, 07:15 UTC

Google identified CrowdStrike's update as the cause of the problem.

July 19, 2024, 09:45 UTC

CrowdStrike CEO George Kurtz confirmed that the issue was due to a faulty kernel configuration file update and assured it was not a result of a cyberattack. He also confirmed that the fix had been deployed.

Throughout the day

Media coverage began, detailing the widespread impacts across various sectors, including airlines, healthcare, and financial services.

July 22, 2024

Public Apology: George Kurtz issued a formal apology acknowledging the outage and its effects on customers. He expressed regret for the inconvenience caused and discussed the lessons learned from the event.

CrowdStrike's response: The good, the bad and the lessons learnt

Immediate technical response

CrowdStrike's technical team was on the scene immediately and fixed the problem in no time.

However, communication is just as important as solving a technical problem. PR professionals are expected to work hand-in-hand with technical teams to translate complex technical issues into manageable, understandable updates for stakeholders.

First communication

CrowdStrike was quick to inform its customers of the nature of the problem, emphasising that it was a software bug and not a cyber-attack.

However, these initial communications lacked the necessary information and empathy — they were too generalised — to prevent government agencies, for whom such malware research is extremely important, from feeling dazed and annoyed.

It just goes to show that transparency needs to be combined with empathy and detail. On the one hand, customers need to be warned and prepared for the possible consequences, and on the other, the messages need to be designed to explain what has happened.

Plain language helps to clarify the meaning, especially when it comes to technical issues.

Public apology

The public apology from CrowdStrike's CEO, George Kurtz2 , was intended to emphasise the seriousness of the matter.

However, it was criticised that the apology was not heartfelt or empathetic, showing that tone is indeed critical in crisis communications.

It would be important to train managers in crisis communication strategies, as all apologies should be sincere, show empathy and be timely. This also includes practising the wording of messages and finding a balance between accountability and the will to improve.

Technical guidance

Another highlight in terms of good responses from CrowdStrike was the very detailed technical guidance. They provided suggestions for workarounds to help affected customers resolve the issue.

Communicators need to work with technical experts to create very specific step-by-step guides. The availability of different formats — text, video and infographics — provides guidelines for different learning styles and levels of technical knowledge.

CrowdStrike warned of the exploitation that could take place during the disruption. A crisis, especially when related to safety issues, obviously requires proactive measures; the advice on how to protect against exploitation shows that they care about stakeholders beyond an immediate solution.

However, the process of remediation was very manual, took a lot of time and required a lot of work. With such complex cases in the resolution process, it is best to come out with the fact that it would take a lot of time and effort.

Ongoing crisis communication

It is important to outline reasonable stakeholder expectations and keep them informed of progress on an ongoing basis. A crisis communication hub or dashboard could help make this a little more transparent by providing real-time updates.

Consistency of all messages across all channels and preparation of media spokespeople can help ensure the message doesn't get out of hand.

Lessons learned

A detailed crisis communication plan must be drawn up in advance, defining responsibilities and information channels, and constantly updated. Acting quickly with appropriate and consistent information is the best way to gain control of a situation and build trust in the organisation.

Be open about what you know, what you don't know and what you are doing to find out more. Transparency builds credibility.

It is equally important to lead with empathy. Acknowledging the impact of a crisis on your stakeholders and using language that shows understanding and concern can go a long way to fostering goodwill.

By keeping stakeholders regularly updated, even if there is no new information, you give them the feeling that the situation is well under control. The message needs to be targeted -— to customers, employees, media and regulators — so that the needs of each key group are met and they know what they want and need.

This is important to ensure that all stakeholders are reached by utilising multiple communication channels. The message can be communicated more effectively through a mix of email, social media, press releases and video statements.

Senior management should have undergone crisis communications training to ensure their voice is strong enough to sway public opinion in a positive direction3 .

The second important area of crisis communication is monitoring and responding to feedback. Stakeholder reactions can indicate where the strategy should be changed.

When the crisis is over, an effective review of communication efforts will show what worked well and where improvements need to be made.

Final thoughts

Although the situation with the CrowdStrike Falcon platform was undoubtedly a serious challenge, it is a prime example of crisis communication. Valuable lessons and guidelines for crisis management can be learnt from the positive and negative aspects of the response to a crisis.

Effective crisis communication is more than just damage limitation; it is an opportunity to take the lead, reinforce the organisation's values and improve the organisation's relationship with its stakeholders.

By focusing on transparency, empathy and proactive communication, organisations can better manage crises and emerge stronger.

If we improve our approach and continuously learn from real cases like the CrowdStrike incident, we will definitely help our organisations become more resilient and maintain trust in difficult circumstances.

Be prepared, stay empathetic and remember: in the world of crisis communications, how you respond is often just as important as what you respond to.

I look forward to hearing your thoughts and experiences on this important topic!

References and further reading.

1  Li, F. (2024, July 21). Microsoft-CrowdStrike outage: how a single software update was able to cause IT chaos across the globe. The Conversation. https://theconversation.com/microsoft-crowdstrike-outage-how-a-single-software-update-was-able-to-cause-it-chaos-across-the-globe-235165

2  Brady, D., & Gordon, N. (2024, July 23). CrowdStrike’s CEO confronts his own crisis. Fortune; Fortune. https://fortune.com/2024/07/23/crowdstrike-ceo-george-kurtz-outage-crisis/

3  Corden, J. (2024, July 19). CrowdStrike’s CEO finally apologizes after users react angrily to the firm’s response to the Windows BSOD apocalypse. Windows Central; Windows Central. https://www.windowscentral.com/software-apps/windows-11/crowdstrikes-ceo-finally-apologizes-after-users-react-angrily-to-the-firms-response-to-the-windows-bsod-apocalypse

Learn AI in 5 Minutes a Day

AI Tool Report is one of the fastest-growing and most respected newsletters in the world, with over 550,000 readers from companies like OpenAI, Nvidia, Meta, Microsoft, and more.

Our research team spends hundreds of hours a week summarizing the latest news, and finding you the best opportunities to save time and earn more using AI.

🎧 Do you listen to podcasts? This newsletter is now available in audio format on Google Podcasts, Spotify, Stitcher, Deezer, Listennotes and many more.

What I am reading/testing/checking out:

  • Perplexity (get $10 off with this link): Ask your questions and receive concise, accurate answers backed up by a curated set of sources. It has a conversational interface, contextual awareness, and learns about your interests and preferences over time.

  • Tool: Supademo is an AI assisted “demo” creation platform. For when words are not enough.

  • Study: Knowledge of declared behaviour: effect of attitude and intention.

  • Tool: ZeroWork, automate repetitive tasks without code

How satisfied were you with the content in this edition? 📚

Login or Subscribe to participate in polls.

PS: I hope you've enjoyed this newsletter! Creating it each weekend is a labour of love that I provide for free. If you've found my writing valuable, the best way to support it is by sharing it with others. Please click the share links below to spread the word with your friends and colleagues; it would mean so much to me. Thank you for reading!

Parts of this newsletter were created using AI technology to draft content. In addition, all AI-generated images include a caption stating, 'This image was created using AI'. These changes were made in line with the transparency requirements of the EU AI law for AI-generated content. Some links in this newsletter may be affiliate links, meaning I earn a small commission if you click and make a purchase; however, I only promote tools and services that I have tested, use myself, or am convinced will make a positive difference.

Reply

or to participate.