One of the largest IT outages in history leaves many businesses, government services, and everyday life disrupted returning global last week. The incident, which involved 8.5 million Microsoft Windows devices was caused by a faulty software update from cybersecurity firm CrowdStrike. The chaos that ensued exposed crucial cybersecurity challenges and illustrated the need to have security mechanisms in place for when something like this goes down on a massive scale.
The faulty update to CrowdStrike’s Falcon software disabled machines cultivated by Microsoft Windows, resulting in the blue screen of death error. The impact of the incident was felt across a number of verticals including airlines, banks and healthcare providers to media companies. CrowdStrike CEO George Kurtz stressed that it was not a cyberattack but as an “issue related to our technology,” adding: We understand the seriousness of this issue and are very sorry for any inconvenience and disruptions. As always, we’re working with all affected customers to ensure that systems are brought back online and the services they provide their own customers can be delivered. (X.com)
Banks and financial institutions in different countries, from Australia to India and South Africa warned customers services could be impacted. The London Stock
Exchange suffered technical difficulties which disrupted its new service and caused delays in opening trades. Moreover, the BBC had to bring five live broadcast cameras using people in London into its Sydney studio while Australian ABC and Network Ten were badly impacted as was Sky News from the UK. Sky News went down for an hour at the start of Morning with no live coverage.( Al- Jazeera)
In the wake of this incident, CrowdStrike was eviscerated for a “$10 UberEats credit” offered to affected customers, with the offer widely panned as insufficient. Team members from the world of cybersecurity who have been given access to CrowdStrike’s functioning say it included a number of security weak points, particularly its update testing and deployment procedures. Cybersecurity researcher Kevin Beaumont took to Twitter and described the lack of phased rollouts in this manner as a critical error. Cybersecurity consultant Daniel Card emphasized the lack of sufficient safeguards to prevent such occurrences
It imposes an economic toll, estimated at more than $1 billion in damages. US insurance firm Parametrix said the top 500 US companies alone could suffer
$5.4bn of losses, most well below that insured limit. The U.S. government is investigating Delta Airlines for its handling of the outage, while CrowdStrike CEO George Kurtz was called to testify before Congress in relation to a different security breach incident involving Turkey’s National Intelligence Organization (MİT). The House Homeland Security Committee also cited the wider national security risks of being dependent on one network, which prompted its request for a hearing
This is yet another case of the increasing requirement for fortified cyber resilience plans. Identifying and protecting critical processes, aligning cyber-defenses with overall business strategies, and real-time prioritization must all be fast-tracked by businesses and governments alike. It also underscores the need for resilience, not just in an individual system but at a systemic level to balance centralized high- assurance / protection architectures with more decentralized, lighter weight systems so that global cascading effects are offset by lower-impact local failures.
It was a major lesson in the fragility of hugely complex, networked digital systems that can falter if almost any part fails and highlights how even brief outages or disruptions have ripple effects across entire sectors. Now, as the world moves forward after a massive disruption like this one – new lessons have been learned and lasting change will be required to better protect against future cybersecurity threats.
Written by Moeez Ajmal
Share this:
