Cyber Security Consultancy: Change Management
A single change can bring multiple organisations to a standstill – the July 2024 CrowdStrike incident proved this, causing widespread outages across airlines, hospitals, and banks without any threat actors involved. Effective IT change management and business continuity planning require thorough testing, risk assessment, and rollback procedures before changes go live. Robust incident prevention through structured change processes helps organisations avoid turning routine updates into operational disasters.
In this article we explore why change management matters, using the CrowdStrike event as a case study. We provide practical guidance, recommended actions, and insights on how organisations can reduce operational risk, improve resilience, and avoid disruptive incidents.
Introduction
The organisation is thriving – recognised as the market leader. It uses emerging technology to serve thousands of customers, who trust that first-class services are provided. Growth continues, with digital transformation helping to drive revenue. Then, it happens…
Customers start complaining. Flights are cancelled. Hospitals revert to pen and paper. Outages occur for major social media companies. A massive global outage occurs, spreading within hours – not from hackers, but from a single update that’s gone wrong.
This introduction is based on the 2024 CrowdStrike incident, where a software update triggered a worldwide outage across Windows systems. In this article, we explore how change management is a key component of cyber resilience: we reference a case study and provide general guidance and recommendations.
What is Change Management?
Change management is about securely managing operational activity through monitoring, review and governance – it prevents disruption and facilitates timely backup and recovery.
Relatable Case Study
- Organisation: CrowdStrike (Global cyber security provider)
- Incident: In July 2024, a routine update caused systems to crash globally. CrowdStrike customers including airlines, hospitals, banks, and government services were affected. The root cause was linked to a flaw in the update process – no threat actors were involved.
- Financial Implications: Estimates suggest tens of millions of pounds in downtime losses as a minimum. Legal implications were also encountered.
- How it Links to the Technical Intrusion Theme:
  - Change Management: updates require thorough testing, risk assessment, and reversion
- Source: https://www.bbc.co.uk/news/articles/cpe3zgznwjno
General Guidance
- Have a clear process to follow for making changes to systems or services
- Check for risks – think what could go wrong before making changes
- Let people know what’s changing so they can help and prepare
- Watch what happens after a change has been made – keep an eye out for problems
- Learn and continuously improve (testing incident response procedures)
Recommended Actions
- Keep it simple and secure
- Understand your organisational assets and key suppliers
- Align roles and responsibilities and provide appropriate training for people
- Use a risk assessment to help drive the requirements for your organisation
- Track changes and seek approval before starting – communicate well
- Carry out research to proactively identify risks and put measures in place to avoid issues
- Test and quickly identify issues – apply backout, reversion and restore action (if necessary)
- Seek guidance and support from an IASME Certification Body and Certified Information System Security Professional (CISSP) – such as RB Consultancy Ltd
How We Help
At RB Consultancy Ltd, we support organisations by:
- Providing templates, guidance and experience to support
- Explaining what security measures are available and how they can help
- Collaborating to implement controls to support the requirements
- Assessing and issuing certifications – such as Cyber Essentials, Cyber Essentials Plus and Cyber Assurance
Contact us for consultancy and certification support
Conclusion
Effective change management can help avoid major incidents by proactively reviewing risk and planning for issues. The CrowdStrike-related incident in 2024 provides a good example of where simple changes can lead to massive disruption. Steps can be taken to understand risk, communicate and plan to reduce risk and manage change.
RB Consultancy Ltd helps organisations understand the importance of change management – we support the implementation of appropriate measures to help build cyber resilience. We are an IASME Certification Body and NCSC Assured Service Provider who provide services to empower and protect organisations. We hold CISSP and ISO 27001 lead implementer certification; Contact Us for assistance with cyber security resilience.
This blog is written by Remo Belisari, Managing Director of RB Consultancy Ltd. He is an experienced cyber security professional and cyber advisor. Remo holds certifications in CISSP, ISSAP, ISO 27001, Cyber Essentials, and IASME Cyber Assurance. He has many years of experience in IT and cyber security. He has supported organisations worldwide. His work includes helping a Fortune 500 company in the USA and over 100 organisations across the UK. The views in this blog are his own. They do not necessarily reflect the views of RB Consultancy Ltd, its clients, partners, or affiliates. The content is for general information only.