Risk-averse firms chose CrowdStrike for security, now its software fails
Search our blog for articles and insights right here, just type your interest and dive into a world of knowledge.
Popular articles
Global Fallout from Glitch in Leading Cybersecurity Firm's Update
In an unprecedented event, a faulty software update from cybersecurity giant CrowdStrike led to widespread disruptions across various critical sectors, including airlines, banks, hospitals, and media outlets. Friday witnessed grounded flights, offline financial services, and hindered operations in retail and healthcare due to a mistake in the software used to defend against cyber threats.
This reliance on a singular company for cybersecurity was highlighted by Gregory Falco, an assistant professor of engineering at Cornell University. He pointed out, "What really causes this mess is that we rely on very few companies, and everybody uses the same folks, so everyone goes down at the same time."
CrowdStrike clarified that the issue affecting computers running Microsoft Windows was not a result of hacking or a cyberattack. The company issued an apology and announced that a solution was underway. However, Gartner analyst Eric Grenier noted that implementing the fix required on-site efforts, saying, "The fix is working, it’s just a very manual process and there’s no magic key to unlock it."
Although not every organization uses CrowdStrike’s Falcon platform, the company stands as a leading provider of cybersecurity, especially valued in the transportation and banking industries. Falco explained that such sectors prefer reliability over innovation, opting for solutions that ensure coverage and accountability. "They’re usually risk-averse organizations that don’t want something that’s crazy innovative, but that can work and also cover their butts when something goes wrong. That’s what CrowdStrike is," he stated.
A Historical Perspective and Modern Concerns
The incident draws parallels with the fears surrounding the Y2K bug in the late 1990s—a time when experts warned that a technical glitch could wreak havoc as the millennium turned. Australian cybersecurity consultant Troy Hunt commented on the similarity via the social platform X, noting, "This is basically what we were all worried about with Y2K, except it’s actually happened this time."
However, Falco pointed out a key difference in today's context: "What’s different now is that these companies are even more entrenched.” He highlighted the illusion of choice within the industry: "We like to think that we have a lot of players available. But at the end of the day, the biggest companies use all the same stuff."
This incident underscores the fragility of the global technology ecosystem and the critical need for robust, diversified cybersecurity solutions. The dependence on a narrow pool of providers makes the entire infrastructure vulnerable to cascading failures, as evidenced by the events of Friday. Moving forward, it raises important questions about the sustainability of the current model and the potential need for more varied cybersecurity vendors to mitigate such risks.
