The events of last night have already been called the worst IT outage of all time. But what really happened?
As you’ve probably seen, the problem came down to a company called CrowdStrike. Unless you work in the IT or cybersecurity world, it’s likely not a company you’ve heard of before. But if there’s anything we’ve learned from all this, it’s that even a seemingly small mistake can have a huge impact on the entire infrastructure of modern life.
What is CrowdStrike?
CrowdStrike is a cybersecurity firm founded in 2011 in Austin, Texas. It offers cloud-based online security solutions to tech giants such as Amazon’s AWS, airlines, and banks. CrowdStrike is also a cloud-based company that manages endpoint protection, antivirus capabilities, real-time monitoring, and threat detection to avoid unauthorized access to the protected company’s systems — with the stated goal of protecting its customers from hackers and breaches.
The company has quite a pedigree in the industry. It’s been involved in a number of prolific cyberattacks, such as the Sony Pictures hack in 2014 and even the Democratic National Conventional email leak in 2016. By 2017, CrowdStrike was valued at over a billion dollars. It has an impressive list of customers, 500 of which are on the Fortune 1000 list. It also does work in over 170 countries, bring in over $900 million in revenue, and has about 29,000 customers.
Point being, CrowdStrike is a big player in the game, which explains how its mistake had such wide-ranging effects. And now, it’s responsible for bringing legions of Windows computers and industries to a standstill with the release of a faulty update on Friday, July 19.
What really happened?
When it comes down to it, CrowdStrike is responsible for the faulty code that meddled with core functions on the affected Windows computers, displaying a message that “Your PC ran into a problem and needs to restart.”
The company’s Falcon Platform is where the problem lies. The software prevents breaches by combining cloud-delivered technologies to avert all kinds of attacks. It’s a 100% cloud-based solution that offers online malware, virus, and cyber threat protection. It’s a software tool that runs compatible with classic antivirus software on a desktop PC. A monumental error in a released update is the link in the chain that halted the world.
CrowdStrike CEO George Kurtz says that this is not the result of a security or cyber incident. He also said, “We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.” in a post on X (formerly Twitter).
Today was not a security or cyber incident. Our customers remain fully protected.
We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can…
— George Kurtz (@George_Kurtz) July 19, 2024
Affected companies such as Microsoft said it had fixed the issue and recovered the Microsoft 365 services and apps. However, it will continue to monitor the problem.
The situation couldn’t have occurred completely on its own though. According to a cybersecurity expert at CovertSwarm, Tony Law, Microsoft has a part to play as well.
“It is interesting to see all the speculation going on,” Law stated in an email to Digital Trends. “Meanwhile, according to Microsoft themselves (in a notice to their customers) ‘A configuration change in a portion of our Azure backend workloads, caused interruption between storage and compute resources which resulted in connectivity failures that affected downstream Microsoft 365 services dependent on these connections,’ so it seems to be self-inflicted. The unconnected CrowdStrike issue was seemingly simply buggy code that wasn’t QA’d sufficiently.”
Law goes on to say that business and organizations need to be wary of letting auto-update software releases be pushed to production without proper testing.
Another cybersecurity expert who reached out to Digital Trends agreed. Martin Greenfield, the CEO of the cybersecurity firm Quod Orbis, saw a larger problem in the connection of Microsoft.
“The involvement of Microsoft operating systems in this outage emphasizes that even simple steps like keeping software current can significantly reduce vulnerability,” he stated in an email. “Yet this fundamental practice is often overlooked, leaving systems unnecessarily exposed. This also applies to security vendors themselves who should be running regular tests on their solutions to ensure they’re up to date with the threat landscape.”
What happens next?
As the world attempts to come back online, there will be a wide-ranging impact of the outage. Tom’s Hardware noted that CrowdStrike’s market cap already plunged by $12.5 billion just today. Some experts have claimed that there will be legal action and possibly future cybersecurity risks as well.
Greenfield says companies need to realize how interconnected the entire global IT system has become. “Companies must conduct thorough risk assessments, not just of their own systems, but of their entire supply chain and third-party dependencies. This incident demonstrates how a single point of failure can have far-reaching consequences across multiple sectors and geographies,” he said.
Another expert who reached out to Digital Trends, Guy Golan of Performanta, says this may only be the beginning of these types of outages.
“This isn’t the fault of one vendor — perhaps market pressures have led to such a catastrophe,” he said. “More outages should be expected unless organizations of all sizes start to understand that the digital world is just as significant in the 21st century as the physical world. It’s about time we elevated cyber issues to the top of the agenda and understood the full effects of market pressures.”
Companies will no doubt be clamping down on IT infrastructure in the wake of the events, and cybersecurity firms (not unlike CrowdStrike) will be eager to jump in and help. Regardless, it’s shown the entire industry that its technical processes and workflows may have more weaknesses than previously assumed.