Inside CIOs’ response to the CrowdStrike outage — and the lessons they learned

“We were able to get all servers up and running within three hours and … all laptops up and running by that Friday afternoon,” says John Roman, CIO at The Bonadio Group, a national CPA firm, estimating that about 300 out of 1,100 total devices were impacted. “The reason we were able to do that was we implemented our incident response plan. Most incident response plans are created in the event there’s some type of malware incident. We genericized ours to take into consideration any type of incident — including a global pandemic.”

Once the incident response plan was deployed, the second step was calling on everyone in IT to implement the script CrowdStrike created to fix the problem, says Roman, who was also in constant communication with the firm’s leaders and all employees through their firmwide texting service, intranet portal, and email.

Like Mainiero, Roman says the timing of the outage made a difference. “If there’s any good news, it’s that we’re an accounting firm and we’re busy all year round, however, probably our busiest time of year is tax season,” he says. “Had this happened in March, there would have been a significant business impact because we wouldn’t have been able to perform tax services, but because it happened in the dead of summer and we were able to remediate it as fast as we did, the business impact was minimal.”


