Massive CrowdStrike technical outage highlights global vulnerabilities
Following the major technology outage linked to a CrowdStrike update, businesses and governments alike need to step up their cybersecurity efforts.
The following essay is from The Conversation, an online publication covering the latest research.
The global information technology outage that occurred on July 19, 2024 paralyzed organizations ranging from airlines to hospitals and even the delivery of Olympic uniforms, raising concerns for cybersecurity experts, businesses and governments.
The outage symbolizes the interdependence of organizational networks, cloud computing services, and the Internet, and the vulnerabilities that this brings. In this case, a glitch in the automatic updates of CrowdStrike’s widely used Falcon cybersecurity software caused PCs running Microsoft’s Windows operating system to crash. Unfortunately, many servers and PCs had to be repaired manually, and many of the affected organizations have thousands of servers and PCs distributed around the world.
For Microsoft, the problem was made worse by the company releasing an update to its Azure cloud computing platform at roughly the same time as the CrowdStrike update. Companies including Microsoft, CrowdStrike and Amazon have announced technical workarounds for customers who want to address the issue themselves. But for the vast majority of users around the world, especially businesses, this is not a quick fix.
Modern technology incidents, whether cyber attacks or technical issues, continue to paralyze the world in new and interesting ways. Large-scale incidents like the CrowdStrike update outage not only cause disruption to the business world, but also disrupt global society itself. The economic losses caused by such incidents (lost productivity, recovery, interrupted business and personal activities) can be enormous.
As a former cybersecurity professional and current security researcher, I believe the world is finally beginning to wake up to the fact that the modern information society is built on extremely fragile foundations.
Overall picture
Interestingly, on June 11, 2024, CrowdStrike’s own blog post seemed to predict this exact situation – a vendor’s flawed technology putting the global computing ecosystem at risk – but likely didn’t expect that their own products would be the culprit.
The software supply chain has long been a serious cybersecurity concern and a potential single point of failure. Companies such as CrowdStrike, Microsoft, and Apple have direct and trusted access to organizations’ and individuals’ computers. As such, organizations must trust not only that these vendors are themselves secure, but that the products and updates they release are thoroughly tested and robust before being applied to customers’ systems. The SolarWinds incident in 2019 involved a software supply chain hack and may be seen as a preview of today’s CrowdStrike incident.
CrowdStrike CEO George Kurtz said: “This is not a security incident or cyber attack. The issue has been identified, isolated, and a fix has been deployed.” From CrowdStrike’s perspective, it may be true that they were not hacked, but that doesn’t mean the impact of this incident won’t pose security issues for their customers. In the short term, organizations may have disabled some Internet security devices to try to get ahead of the problem, but by doing so they could have left themselves open to criminals breaking into their networks.
Users may also become targets for various scams that exploit their panic and ignorance about the issue. Confused users may accept fake support offers that could lead to their personal information being stolen, or they may end up spending money on fake solutions to the problem.
What to do
Organizations and users will need to wait until a fix is available or attempt to recover on their own if they have the technical ability. After that, I think there are a few things to do and consider as the world recovers from this incident.
Businesses need to ensure that the products and services they use are trustworthy, which means they must do their due diligence on the security and resilience of the vendors of such products. Larger organizations typically test product upgrades and updates before releasing them to their internal users, but some everyday products, such as security tools, may not undergo testing.
Governments and businesses alike need to design their networks and systems with a focus on resiliency — that is, to avoid single points of failure in infrastructure, software, or workflows that could be targeted by an adversary or exacerbated by a disaster — and to understand whether the products on which an organization depends are themselves dependent on other specific products or infrastructure to function.
Organizations must renew their commitment to best practices in cybersecurity and general IT management. For example, having robust backup systems in place will facilitate recovery from such incidents and minimize data loss. Having the right policies, procedures, personnel, and technical resources in place is essential.
Software supply chain issues like these make it difficult to follow standard IT recommendations to keep systems patched and up to date. Unfortunately, you must weigh the cost of not updating your systems regularly against the risk of this happening again.
This article was originally published on The Conversation. Read the original article.