Table-Top Exercise for Disaster Recovery System of the Law Firm
CrowdStrike Incident
On July 19, 2024, HEUKING - like many other CrowdStrike customers - was affected by the global incident caused by a faulty update of CrowdStrike's Falcon security software. The update triggered a logic error that brought many systems worldwide to the so-called "Blue Screen of Death" (BSOD) and caused, and in some places still causes, numerous IT outages. Sectors such as banking and aviation, among others, were severely affected.
Our law firm was also severely affected by this incident at times. More than a hundred servers and end devices were down. However, the incident showed that the disaster recovery processes of the law firm work well. "It was like a table-top exercise that proved the effectiveness of our processes and responsiveness in crisis situations and strengthened our confidence in our security measures and our team," says Mathias Espeloer, Director IT at HEUKING.
Thanks to the secure and redundant storage of hard disk keys, the comprehensive backup of local administrator accounts and the structured and effective management of the law firm's devices, the incident was resolved quickly and efficiently. The Incident Response Team, as well as all of the administrators and support staff involved, worked hard to recover the systems from the moment CrowdStrike's workaround was announced. Within two hours, the critical server systems were functional again. After four hours, only a few end devices were still affected, and these were gradually cleaned up over the following days. The lawyers and staff were thus given the all-clear in the morning and told that the systems were working again.
CrowdStrike had proactively offered the law firm its help on Friday. Current and former Customer Success Managers and their technicians contacted HEUKING immediately and offered their support, but thanks to our quick response and high level of internal expertise, we did not have to rely on third-party support.
What have we learned from this incident and what can others learn from it?
- Create emergency and response plans and keep them up to date
- Define clear competencies before the emergency
- Keep communication channels redundant
- Configure BitLocker and LAPS, and keep recovery keys and local administrator access available redundantly
- Introduce asset management and keep it up-to-date
- Maintain an effective network to be continuously supplied with up-to-date information
These measures are critical to the resilience and security of any organization.
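The BitLocker and LAPS point above is only useful if the escrowed keys and local administrator passwords are actually retrievable when the endpoints themselves are unbootable. The following PowerShell script, an added example that is not HEUKING's or CrowdStrike's code, audits that from a management host before an emergency: for every computer in an OU it checks whether at least one BitLocker recovery password has been escrowed to Active Directory (stored as msFVE-RecoveryInformation child objects of the computer account) and whether a current Windows LAPS password can be read for the machine. It assumes the RSAT ActiveDirectory module and the Windows LAPS module are installed, that the caller has read rights on recovery information and LAPS passwords, and the OU path is a placeholder.

```powershell
# Added example, not from the original article. Audits recovery readiness for
# every computer under an OU: BitLocker recovery password escrowed to AD DS and
# a Windows LAPS password that is present and not expired. Nothing secret is
# printed; the LAPS password stays a SecureString because -AsPlainText is not used.
# Assumptions: RSAT ActiveDirectory and Windows LAPS modules, sufficient read
# rights, and a placeholder OU path supplied by the caller.

Import-Module ActiveDirectory
Import-Module LAPS

function Get-RecoveryReadiness {
    param(
        [Parameter(Mandatory)] [string]$SearchBase,   # placeholder, e.g. 'OU=Workstations,DC=example,DC=local'
        [string]$ReportPath                            # optional CSV output for the incident binder
    )

    $report = foreach ($c in Get-ADComputer -Filter * -SearchBase $SearchBase) {
        # BitLocker writes each recovery password as a child object of the computer account.
        # Only metadata is read here; the password attribute itself is not requested.
        $keys = @(Get-ADObject -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
                    -SearchBase $c.DistinguishedName -SearchScope OneLevel `
                    -Properties whenCreated)

        # Windows LAPS: confirm a password exists and is still valid for this computer.
        $laps = $null
        try { $laps = Get-LapsADPassword -Identity $c.Name -ErrorAction Stop } catch { }

        $newestKey = ($keys | Sort-Object whenCreated -Descending | Select-Object -First 1).whenCreated
        $lapsValid = [bool]$laps -and ($laps.ExpirationTimestamp -gt (Get-Date))

        [pscustomobject]@{
            Computer            = $c.Name
            RecoveryKeyCount    = $keys.Count
            NewestKeyEscrowed   = $newestKey
            LapsPasswordPresent = [bool]$laps
            LapsExpires         = $laps.ExpirationTimestamp
            Ready               = ($keys.Count -gt 0) -and $lapsValid
        }
    }

    if ($ReportPath) { $report | Export-Csv -Path $ReportPath -NoTypeInformation }
    return $report
}

# Usage: list the machines that could NOT be recovered by hand today.
# Get-RecoveryReadiness -SearchBase 'OU=Workstations,DC=example,DC=local' |
#     Where-Object { -not $_.Ready } | Format-Table
```

Run it on a schedule and keep the CSV with the emergency plan; a machine with RecoveryKeyCount of 0 or an expired LAPS password is exactly the one that cannot be unlocked and logged into offline when an endpoint agent takes the OS down. Redundancy means the same report should also be producible from a second key store (for example Entra ID via Get-LapsAADPassword, or an offline export) so that the audit does not depend on a single directory being reachable during the outage.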