The world is facing what appears to be the biggest IT disruption in history, caused by a faulty update to Crowdstrike’s endpoint security software for Windows machines. The update crashed affected hosts with a blue screen and left many of them in a boot loop. The disruption, which has been ongoing for over 16 hours, has caused significant chaos in numerous organizations.
Impact on the Market and Recovery Measures
Crowdstrike’s and Microsoft’s stock prices have dropped considerably as a result of this incident. Both companies continue to publish and update guidance on how organizations can recover affected workstations and endpoints.
While restoration may not be a major issue for IT sector organizations with enough specialized staff, the process will likely be long and complicated for those that have outsourced their IT departments or operate a large number of dispersed Windows-based systems, such as information kiosks, display systems, and Point of Sale (PoS) terminals, since the published workaround typically requires hands-on access to each affected machine.
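The workaround Crowdstrike published for hosts stuck in the boot loop is manual: boot into Safe Mode or the Windows Recovery Environment, delete the channel file matching C-00000291*.sys under C:\Windows\System32\drivers\CrowdStrike, and reboot. The PowerShell below is an added example, not Crowdstrike’s or Microsoft’s own tooling; it automates that check by listing matching files with their UTC timestamps and deleting them only when run with -Remove. The directory, file pattern and the 05:27 UTC cut-off come from Crowdstrike’s published guidance; the parameter names and everything else are assumptions.

```powershell
<#
  Added example (not CrowdStrike's or Microsoft's own tooling).
  Implements the manual workaround CrowdStrike published for hosts stuck in a
  boot loop: from Safe Mode or WinRE, delete the channel file matching
  C-00000291*.sys under <SystemDrive>:\Windows\System32\drivers\CrowdStrike,
  then reboot. Run from an elevated Safe Mode / WinRE PowerShell prompt.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed parameter: the drive holding the Windows installation being repaired.
    # In WinRE $env:SystemDrive is the recovery volume (X:), and the offline
    # Windows volume is often not C:, so pass e.g. -SystemDrive 'D:' there.
    [string]$SystemDrive = $env:SystemDrive,
    # Actually delete matching files. Without this switch the script only reports.
    [switch]$Remove
)

$csDir   = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
$pattern = 'C-00000291*.sys'
# Per CrowdStrike's technical details, channel files written at or after
# 2024-07-19 05:27 UTC are the reverted (good) version; earlier ones are suspect.
$fixedAt = [datetime]::new(2024, 7, 19, 5, 27, 0, [DateTimeKind]::Utc)

if (-not (Test-Path -LiteralPath $csDir)) {
    Write-Warning "No CrowdStrike driver directory at $csDir (sensor not installed, or wrong -SystemDrive)."
    return
}

$files = @(Get-ChildItem -LiteralPath $csDir -Filter $pattern -File -ErrorAction Stop)
if ($files.Count -eq 0) {
    Write-Host "No $pattern channel file found in $csDir; nothing to do."
    return
}

foreach ($f in $files) {
    $suspect = $f.LastWriteTimeUtc -lt $fixedAt
    $tag = if ($suspect) { 'SUSPECT (predates fix)' } else { 'post-fix timestamp' }
    Write-Host ("{0}  {1:yyyy-MM-dd HH:mm:ss} UTC  {2} bytes  {3}" -f $f.Name, $f.LastWriteTimeUtc, $f.Length, $tag)

    # The guidance is to delete the matching file regardless of timestamp; the
    # sensor downloads a current channel file when it next connects.
    if ($Remove -and $PSCmdlet.ShouldProcess($f.FullName, 'Delete channel file')) {
        Remove-Item -LiteralPath $f.FullName -Force
        Write-Host "Deleted $($f.FullName)"
    }
}

if ($Remove) {
    Write-Host 'Reboot the host normally; the Falcon sensor will fetch a current channel file once it connects.'
} else {
    Write-Host 'Dry run only. Re-run with -Remove (optionally -WhatIf) to delete the files listed above.'
}
```

Run it once without -Remove to confirm the right volume and file are found, then with -Remove -WhatIf, then with -Remove. On BitLocker-protected hosts the volume must be unlocked with the recovery key first, which is part of why fleets of unattended kiosks and PoS terminals are so slow to recover.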
Additional Threats and Warnings
Guy Golan, CEO and Executive Chairman of Performanta, stated: “This incident is going to cost companies billions, lead to legal actions, and affect businesses and users in ways never seen before.” He also emphasized that attackers could take advantage of the current chaos to identify Crowdstrike users, which could lead to further cybersecurity complications in the future.
Crowdstrike has warned organizations to communicate with it only through official channels. Dr. Johannes Ullrich, Dean of Research at the SANS Technology Institute, reported receiving phishing emails purporting to come from “Crowdstrike Support” or “Crowdstrike Security.” Ullrich urged caution with any “patch” received in this manner, as attackers are likely exploiting the media attention on the incident.
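One concrete check before running any “patch” that arrives by email is to verify that the file carries a valid Authenticode signature from the vendor you expect. The script below is an added example and is not Crowdstrike’s guidance or tooling; it uses the standard Get-AuthenticodeSignature cmdlet and treats any status other than Valid as untrusted. The -ExpectedSigner substring and the optional -ExpectedThumbprint are assumptions; take the thumbprint from a signature you have already verified on a known-good sensor file rather than from anything in the suspicious email.

```powershell
<#
  Added example (not CrowdStrike's guidance or tooling). Verifies that a file
  received as a "fix" is Authenticode-signed by the vendor you expect before
  anyone runs it. Usage:
    .\Test-VendorSignature.ps1 -Path .\crowdstrike_fix.exe
    .\Test-VendorSignature.ps1 -Path .\fix.exe -ExpectedThumbprint <known-good thumbprint>
#>
param(
    [Parameter(Mandatory = $true)][string]$Path,
    # Assumed: a substring expected in the signing certificate's Subject.
    [string]$ExpectedSigner = 'CrowdStrike',
    # Assumed: SHA-1 thumbprint of the vendor's signing certificate, taken from a
    # known-good file. When given, it overrides the weaker subject check.
    [string]$ExpectedThumbprint = ''
)

function Test-VendorSignature {
    param([string]$Path, [string]$ExpectedSigner, [string]$ExpectedThumbprint)

    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # NotSigned, HashMismatch, NotTrusted, UnknownError ... all fail closed.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path = $Path; Trusted = $false; Signer = $null
            Reason = "Signature status is '$($sig.Status)', not 'Valid'"
        }
    }

    $cert = $sig.SignerCertificate
    if ($ExpectedThumbprint) {
        # Exact match on the certificate thumbprint: a lookalike company name
        # with its own valid code-signing certificate does not pass this.
        if ($cert.Thumbprint -ne $ExpectedThumbprint.ToUpperInvariant()) {
            return [pscustomobject]@{
                Path = $Path; Trusted = $false; Signer = $cert.Subject
                Reason = "Valid signature but thumbprint $($cert.Thumbprint) is not the expected one"
            }
        }
    } elseif ($cert.Subject -notmatch [regex]::Escape($ExpectedSigner)) {
        return [pscustomobject]@{
            Path = $Path; Trusted = $false; Signer = $cert.Subject
            Reason = "Valid signature but signer subject does not contain '$ExpectedSigner'"
        }
    }

    return [pscustomobject]@{
        Path = $Path; Trusted = $true; Signer = $cert.Subject
        Reason = 'Valid signature from the expected signer'
    }
}

$result = Test-VendorSignature -Path $Path -ExpectedSigner $ExpectedSigner -ExpectedThumbprint $ExpectedThumbprint
$result | Format-List
if (-not $result.Trusted) { exit 1 }
```

The subject-substring check alone is a weak gate: anyone can obtain a valid code-signing certificate for a company whose name happens to contain the vendor’s name, so the thumbprint comparison against a known-good file is the check that actually matters. A genuine fix for this incident would in any case come through the sensor’s normal update channel, not as an email attachment.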
From Stackscale’s cybersecurity team, David Carrero, co-founder of this European infrastructure and cloud company (part of Grupo Aire), highlighted the importance of having critical environments in which infrastructure updates can be validated before being rolled out in stages, as well as of not depending on large hyperscalers and of having dedicated compute on bare-metal or cloud solutions.
The Need for Cyber Resilience
Brian Honan, CEO of BH Consulting, emphasized the need for organizations to consider cyber risks as business risks and not just IT risks, and plan accordingly. “Organizations should design, implement, and regularly test robust cyber resilience and business continuity plans, not only for their own systems but also for those services and systems in their supply chain,” Honan stated.
Tony Anscombe, Chief Cybersecurity Evangelist at ESET, mentioned the importance of diversity in large-scale IT infrastructure to prevent a single technical incident from causing global disruptions.
Unanswered Questions and Future Advice
Questions have been raised about the testing and quality assurance processes Crowdstrike has in place to prevent a faulty update from reaching its clients. Tom Lysemose Hansen, CTO of Promon, suggested that the risk of exactly this kind of faulty update is why many companies deliberately wait before applying patches.
Jake Williams, former NSA hacker and VP of R&D at Hunter Strategy, indicated that this incident highlights the risks of SaaS-based services that take update cycles out of the control of system administrators. “We should expect changes in this operational model,” Williams opined.
Update
Crowdstrike has released technical details related to the faulty update, identifying the trigger as a sensor content update (a channel file) rather than a change to the sensor code itself, although the root cause is still under investigation. The company has reiterated that “this issue is not the result of a cyberattack.”
This incident underscores the critical importance of having contingency plans and the ability to respond quickly to unforeseen software failures, as well as the need for effective coordination and clear communication among all involved parties.