Technology and privacy security have not had the best two weeks, and no company has had a worse one than the security vendor CrowdStrike. A single defective update to its software caused chaos on a global scale, and some companies are still not back at full capacity. The outage shows how vulnerable our connected world is to a global shutdown, not unlike the COVID pandemic.
CrowdStrike’s products are centered on what is known as endpoint protection, or endpoint detection and response (EDR). Endpoints are the devices you use to reach the network every day: laptops, tablets, desktops, servers, and even your cellphone.(1) Malicious actors target endpoints because they are the gateway into internal servers and other valuable data. Malware such as Emotet, which targets them, can be very hard to eradicate completely, and cleanup may end with the infected device being reimaged or replaced.
The problem stemmed from a routine update that did not interact properly with end-user machines. As with everything computer related, keeping security software current against the latest threats to systems and data is vital, so CrowdStrike pushes these updates automatically to all of its customers’ machines. For example, a detection developed for malware discovered in Australia can be delivered to machines worldwide without anyone having to act. In principle that is a good thing, since every customer benefits from what a vendor of that size sees across its whole user base. It also means that a single bad update reaches every machine just as quickly.
Unfortunately for CrowdStrike, this update contained a flaw that, according to the preliminary post-incident report released July 24th, was not fully vetted or tested before it launched, having passed the company’s automated content validator only because of a bug in the validator itself(2). Because the Falcon sensor runs as a kernel-mode driver on Windows, the faulty content crashed the sensor and with it the entire operating system, producing the infamous Blue Screen of Death, and did so again on every reboot. The update was reverted about 78 minutes after it went out, by which time the outage had already surfaced in Australia, where it was business hours, but the damage was done. Machines that were off, or that otherwise did not download the file during that window, were unaffected; those that were online, and in many cases could not simply be taken offline, created the chaos that made headlines around the world. The two most visible victims were airlines and healthcare systems around the globe, because those systems cannot be shut down without serious consequences.
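To make the blast-radius point concrete, here is an added simulation (written for this article, not CrowdStrike’s code and not taken from the report) of a flawed content update released to a constructed fleet of 1,000 machines, 60% of which are online during the release window. It contrasts pushing the file to everyone at once with the standard mitigation of releasing it in rings behind a canary health gate. The fleet size, online ratio, ring sizes and the 5% failure threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class Endpoint:
    name: str
    online: bool        # online during the release window, so it downloads the file
    crashed: bool = False


@dataclass
class ContentUpdate:
    version: str
    faulty: bool        # constructed stand-in for a file the sensor cannot handle


def build_fleet(size: int = 1000, online_ratio: float = 0.6) -> list:
    """Constructed fleet: in every block of ten hosts, the first six are online."""
    return [Endpoint(f"host-{i:04d}", online=(i % 10) < online_ratio * 10)
            for i in range(size)]


def deliver(ep: Endpoint, upd: ContentUpdate) -> bool:
    """Deliver one update to one endpoint. Returns False if the endpoint crashed."""
    if not ep.online:
        return True         # never fetched the file; survives untouched
    if upd.faulty:
        ep.crashed = True   # kernel-mode sensor faults and takes the OS down with it
        return False
    return True


def push_everywhere(fleet, upd) -> int:
    """Unstaged release: every endpoint gets the file in the same window.
    Returns the number of crashed endpoints."""
    for ep in fleet:
        deliver(ep, upd)
    return sum(ep.crashed for ep in fleet)


def push_in_rings(fleet, upd, rings=(0.01, 0.10, 1.0), max_failure_rate=0.05):
    """Staged release: a 1% canary ring, then 10%, then everyone, halting as soon
    as a ring's crash rate exceeds max_failure_rate.
    Returns (crashed, delivered, halted)."""
    delivered = crashed = 0
    for frac in rings:
        ring_end = int(len(fleet) * frac)
        ring = fleet[delivered:ring_end]
        ingested = sum(ep.online for ep in ring)      # machines that actually got the file
        ring_crashes = sum(not deliver(ep, upd) for ep in ring)
        delivered, crashed = ring_end, crashed + ring_crashes
        # Health gate: judge only on machines that ingested the file; offline ones tell us nothing.
        if ingested and ring_crashes / ingested > max_failure_rate:
            return crashed, delivered, True
    return crashed, delivered, False


if __name__ == "__main__":
    bad = ContentUpdate("bad-content", faulty=True)
    print("unstaged push: crashed =", push_everywhere(build_fleet(), bad))
    print("ring rollout: (crashed, delivered, halted) =", push_in_rings(build_fleet(), bad))
```

With the same faulty file, the unstaged push crashes all 600 online machines, while the ring rollout crashes the six online canaries, halts after delivering to ten hosts, and never reaches the other 990. The gate deliberately measures only machines that ingested the file: counting offline hosts as successes would dilute the crash rate and let a bad ring pass.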
Compounding the problem, some of the affected servers were hosted off site, ironically to protect them from exactly this kind of failure. That mattered because recovery required hands-on access to each machine, booting it into safe mode and removing the faulty file, which is far harder to do at a remote site. Add the timing, the start of a weekend and a heavy travel day, and you have a recipe for disaster. The largest US airline to avoid the outage was Southwest, reportedly because it does not run CrowdStrike on its legacy systems. Delta Air Lines, by contrast, had problems with its crew-scheduling software that forced cancelled flights throughout the week, while Southwest was minimally affected because it did not rely on CrowdStrike’s software.(3) Estimated damages currently stand at $1.5 billion, and that number is expected to rise in the coming weeks.
While CrowdStrike was July’s biggest headline for the scale of the damage, it was not the only big name with cyber trouble in the last month. Disney was compromised by a threat actor who stole 1.1 terabytes of internal data, which has drawn the attention of several regulators. AT&T, already under scrutiny for a February network outage that, like CrowdStrike’s, was traced to a botched change rather than an attack, disclosed the same week Disney was hit that call and text records for over 110 million customer accounts had been stolen. These incidents, and others like them, show how vulnerable the world is because of its technology, and how little we appreciate the extent of our dependence on these systems. In CrowdStrike’s case, a single vendor’s update grounded flights at airlines across the planet. With many Fortune 500 companies relying on one service, a failure there affects everyday life whether anyone intended it or not. It also shows that keeping systems updated is crucial, but that a flawed update can cause as much chaos as an attack.