How FocusTags™ Gave One Customer Peace of Mind During the Unexpected CrowdStrike Outage
Written by: Laurie Asmus, Content Marketing Lead at Black Kite
At financial services companies, Mondays signify the beginning of the trading week with a flurry of activity. On the other hand, Fridays tend to be the quietest day of the week. But when Michelle Schwab, Chief Compliance Officer (CCO) at financial services firm Ellsworth Advisors, first heard about the CrowdStrike outage via an early-morning phone call, she knew this wouldn’t be any ordinary Friday at work.
Schwab had no idea how this incident would affect her company and team, but she knew she’d need to dig in and get to the bottom of it fast. Although it wasn’t immediately clear if the outage was directly affecting Ellsworth, it was certainly disrupting their business partners, and Schwab struggled to identify specific impacts or pinpoint affected areas. She had read the news, but the flood of unactionable information did not apply specifically to her business or point her in the right direction to ensure her company was secure.
Noise vs. Signal: Getting to Actionable Information
This was a classic case of too much noise and not enough signal — something security and compliance professionals often struggle with, especially when it comes to unexpected business interruptions.
Then Schwab got an email from Black Kite:
CrowdStrike, a prominent cybersecurity firm, caused the Blue Screen of Death (BSOD) on thousands of Windows machines, leading to widespread and global operational disruptions across many sectors including airlines, financial institutions, healthcare services, and more. The issue stems from a faulty software update rather than a cyberattack.
Identify potentially impacted vendors by using filtering on the CrowdStrike FocusTag™ from your Companies List
This gave her the first real piece of information that she could act on.
With the FocusTags™ report in hand, Schwab was able to:
1. Quickly identify which vendors were impacted
2. Prioritize assessment of vendors handling sensitive client data
3. Document findings for compliance and future reference
4. Make informed decisions about necessary follow-up actions
Of course, Schwab’s number one priority was determining which of their impacted vendors handle personally identifiable information (PII) and other sensitive customer data. With Black Kite FocusTags™, she could quickly see that none had been compromised. This was a huge relief.
Schwab then began putting together a file about the incident, using FocusTags™ to fill in key details that could be used down the road to address any potential fallout. This made her job far easier than if she’d had to call up each of Ellsworth’s vendors to ask how they’d been affected.
Later, Schwab sent us this email about the CrowdStrike FocusTag™ notification:
“Thank you! This was the most useful piece of information I got on Friday about this issue.”
– Michelle Schwab, Chief Compliance Officer at Ellsworth Advisors
With the confidence that the outage didn’t pose the risk of exposing sensitive customer information, Schwab was able to file her report on the incident. It was a rare, beautiful summer day in Ohio, so Schwab left work early once she’d completed her duties. Despite the day’s hectic beginning, her mind was at ease knowing Ellsworth’s customer data was safe and sound.
Many other security and compliance professionals could not say the same that Friday.
Finding Focus to Respond Faster
Complicating matters further, cyber disclosure regulations have recently become more stringent, especially regarding breach notification. The SEC requires finserv companies today to notify those materially impacted by a breach or incident within 72 hours.
But a lot can happen in the span of four days. When Zero-Day events or unexpected outages occur, security teams must rapidly identify the impact on their environment, prioritize remediation efforts, and communicate clearly with affected stakeholders. Given the complexity of digital supply chains today, it’s often tough to dig up the right information and piece it together promptly.
This is exactly why we created FocusTags™ – to enable organizations of all sizes to have the most pertinent information about high-profile cyber events at their fingertips as quickly as possible.
Complex Supply Chains Complicate Risks
While the CrowdStrike incident received a lot of attention, the main takeaway from that day is not about this specific outage. Rather, the incident highlights just how interconnected modern organizations are: The sprawl of software, vendors, contractors, and other third parties means that a single incident can have far-reaching consequences.
Illustrating this trend, Black Kite’s 2024 Third-Party Breach Report found 81 third-party breaches in 2023, impacting 251 companies as the consequences rippled out.
Supply chains will only grow more complex over time, so organizations need to have a plan in place to not just observe and protect their own systems and infrastructure but to have visibility into their supply chains and potential risks that may arise from them.
How FocusTags™ Work to Identify Critical Events Fast
Black Kite’s FocusTags™ offer users a simple and effective way to track major cyber incidents. They allow companies to assess their supply chains for risk and understand which vendors are affected by an incident, breach, or outage. They are automatically applied to any high-profile incident, but can also be leveraged to organize information about your supply chain.
Within hours of an event, FocusTags™ will automatically identify and flag any third parties that have been affected by:
- Data breaches
- Ransomware
- Geopolitical events
- Software vulnerabilities
This ensures that security and compliance professionals like Schwab can quickly access the information they need to address time-sensitive issues and mitigate overall risk to their organizations. FocusTags™ isolate signals from noise and provide peace of mind, as well as strengthened security and compliance postures.
To learn more about how FocusTags™ can help you the way they helped Ellsworth Advisors during the CrowdStrike incident, request a demo of our platform today.
A huge thank-you to Michelle Schwab and the Ellsworth Advisors team for allowing us to share their story with our audience.
For further reading, check out our other blogs related to the CrowdStrike incident:
By Jeffrey Wheatman, Senior Vice President, Cyber Risk Strategist:
- TPRM Wake-up Call: Are You One Cybersecurity Incident Away From Chaos?
- Focus Friday: Lessons from the CrowdStrike Update Outage on Global IT Resilience
By Ferhat Dikbiyik, Chief Research & Intelligence Officer:
- CrowdStrike Outage: Lessons on Fragility and Resilience
- Top Concerns for Cybersecurity Leaders and Strategies to Build Resilience