Progressive Computing CTO and cofounder Robert Cioffi is no stranger to dealing with a crisis. Three years ago his firm and his firm's customers were hit by the Kaseya ransomware incident -- a security event that sent shockwaves across the managed services ecosystem.
We reached out to Cioffi to get his thoughts on MSPs and the industry in the wake of a different kind of crisis -- the CrowdStrike IT outage. Here's what Cioffi had to say.
A full transcript is available below, too.
Be sure to also check out the CyberRisk Alliance Network's full coverage of the CrowdStrike outage here:
- MSPs Come Together to Hasten CrowdStrike Outage Remediation
- MSSPs Help Organizations Through CrowdStrike IT Outage
- Security pros brace for manual system-by-system fix to CrowdStrike outage
- CrowdStrike Update Causes Global Outages: Analysis
- What the CrowdStrike update outage means for cybersecurity
- Seven tips that offer short-term and long-term fixes following the CrowdStrike outage
- CrowdStrike confirms faulty update is tied to massive global IT outage: ‘Fix has been deployed’
- Analyzing the CrowdStrike Incident and Its Ripple Effects
Transcript: Incident Response Skills and Empathy are Both Key
Hi, my name is Robert Cioffi. I'm the CTO and co founder of an MSP based in Yonkers, New York. We've been providing IT services for small and mid sized businesses for the last 31 years.
I'm no stranger to cybersecurity incidents, whether they're human caused via a malicious act, or whether there's human error, as we've seen with CrowdStrike. Today, this is not something that is unusual in this industry.
And it is something that we all need to be very prepared for.
Luckily, we've had no impact from the CrowdStrike bug this morning. There's been very few minor inconveniences, some travel issues for some of our customers that we've caught wind of and one or two applications that were down for an hour or so and then were restored cloud based applications. But luckily, we have been largely unaffected by this.
However, I've been receiving calls and outreach from some of my friends in the industry that have a little bit more impact than we do.
I am no stranger, again, as I said earlier, to the effects of a problem within the community. In our particular case, we were affected by a mass scale ransomware attack three years ago, and the way the community responded to assist us, our peers, both local and from across the country, solution partners and just friends who came to our aid was one of the major reasons why we were able to survive, and then thrive post attack.
What I've been encouraging the community since then, I'd like to think that I'm a bit of an evangelist in this way, is to remember our empathy and our compassion skills that when something bad happens within the industry now be it at a global scale, be it something maybe beyond the reach of most MSPs we've all got to come together as the IT professionals, the very first thing that we need to do is put down the swords.
Let's stop with the snarky memes and the jokes. People's lives and businesses are impacted by events like this again, be they malicious or be they just a simple mistake. And granted, those that make these mistakes aren't necessarily off the hook.
But our initial reaction must be how can I help? And if I can't help, then let me stay out of the way. I think it's really important in events like this, that it helps us practice for when the bigger problems arise. For instance, with a CrowdStrike issue today on July 19 2024, we've got a fairly simple fix. The issue is it's more of just the widespread nature of it, requiring enormous amount of time to recover. But there's a there's a clear or a clear path in front of us on how to recover from this.
So let's remember to exercise our incident response skills, our empathy skills and check in on each other right reach out to your friends in the industry and make sure that everybody is okay and be willing to offer assistance wherever you can.
