Global computer crash caused by defective CrowdStrike update

NEW YORK —‍ In a world where cyber threats‍ are a constant concern, organizations such as airlines, banks, hospitals, ‍and others that ‍prioritize risk management have ⁣turned to cybersecurity firm CrowdStrike to safeguard their digital systems ​from hackers and potential data breaches.

However, a⁢ single flawed software update ‌from CrowdStrike on Friday led to worldwide disruptions.​ These included grounding flights, ⁤taking⁤ banks and media outlets offline, and causing interruptions ‍in hospitals, retail⁣ outlets, and other services.

“The root of⁣ this issue lies in the uniform technology​ that forms the backbone of our IT ‌infrastructure,” commented Gregory Falco,‍ an assistant professor of engineering at Cornell University. “The real problem is ⁢our dependence ‍on a handful of companies. When everyone uses the ⁤same providers, a single issue can bring‍ everyone down⁤ simultaneously.”

CrowdStrike clarified that‌ the ⁢issue with the update,‍ which affected ‌computers running Microsoft’s Windows‌ operating system, was not due to a hacking ⁣incident ​or cyberattack.⁣ The company apologized and assured that ‌a ​solution was in progress.

However, the fix was not straightforward. It required a hands-on ​approach⁤ to resolve, according to Gartner ​analyst​ Eric Grenier.

“The ​solution‌ is ​effective, but it’s⁢ a very manual ‍process and there’s no quick fix,” Grenier explained. “This is likely the biggest challenge companies are facing.”

While not ​every organization uses CrowdStrike and its platform, Falcon, the company is a leading cybersecurity provider, ‌especially in sectors like​ transportation, healthcare, banking, and others that heavily rely on their computer systems.

“These are typically risk-averse organizations ⁢that prefer reliable solutions over radical innovation. ⁢They want something that works and ‍provides ‍coverage when things go ⁣wrong. That’s what ⁤CrowdStrike​ offers,” Falco stated. “They see their ‍peers in other sectors‍ using the ‌same service and decide they need‌ it‍ too.”

The vulnerability of a‍ globally interconnected technology ecosystem is not a new ‍concern. It was a major fear in the 1990s, with worries ⁣about a technical glitch causing chaos ‍at the turn of the‍ millennium.

“This is essentially ⁣what‍ we feared with Y2K,⁢ except this time⁤ it’s actually happened,” Australian cybersecurity consultant Troy Hunt posted on social platform X.

On​ Friday, affected computers ​worldwide displayed the “blue screen of ⁤death” — an​ indication of a problem with Microsoft’s⁤ Windows ⁣operating system.

“What’s different now‌ is that these companies are even more deeply rooted,” Falco noted. “We like to think we have a variety of ⁢options. But in reality, the⁣ largest companies all use the same resources.”

Established in 2011 and publicly traded ⁣since 2019, CrowdStrike prides itself on having “revolutionized cybersecurity for the cloud era and ⁤transformed​ the way cybersecurity is delivered and ⁤experienced by customers.” The company highlights​ its use of artificial‍ intelligence to keep up with adversaries. As of the beginning of the year, it reported having 29,000 subscribing customers.

The Austin, Texas-based ‍firm ⁣is one of the most​ prominent cybersecurity companies globally and invests heavily in marketing, including Super Bowl ads. At cybersecurity conferences, it’s known for large booths displaying⁤ massive action-figure ​statues representing different state-sponsored hacking⁢ groups that CrowdStrike technology⁤ promises to defend against.

CrowdStrike⁤ CEO ⁢George​ Kurtz is among the​ highest-paid in the world, with total compensation exceeding $230 million‌ in the last three years. Kurtz also drives for a‌ CrowdStrike-sponsored car racing team.

After his initial statement ​about the problem was criticized for lack of contrition,⁢ Kurtz apologized in ⁣a later social media post on Friday‍ and on NBC’s “Today Show.”

“We understand the gravity of the situation ​and are deeply⁢ sorry for ⁢the ‌inconvenience⁣ and disruption,” he said‍ on X.

Richard Stiennon, ​a cybersecurity industry analyst,​ described this as a ⁣historic blunder by CrowdStrike.

“This is easily ‌the worst technical error ⁢or glitch of any security software ‍provider ever,” said Stiennon, who⁣ has tracked the ‌cybersecurity industry for 24 years.

While the problem is‍ technically easy⁢ to ​fix, he said, its impact could be⁤ long-lasting for some organizations due to ‌the hands-on work needed to fix⁣ each affected computer. “It’s incredibly difficult ​to ‌manually fix millions of machines. And with people⁢ on vacation right ⁣now, the CEO‍ might‌ return from his ‌trip to the ‍Bahamas in a couple of weeks and find he can’t use⁤ his computers.”

Stiennon said he ‌did not believe the outage revealed⁤ a larger problem with the cybersecurity industry or CrowdStrike⁣ as a company.

“The markets will forgive them, the customers will forgive them, and this will blow over,” he said.

Forrester⁣ analyst Allie Mellen commended CrowdStrike for clearly​ instructing customers on how to fix the problem. However, to regain ‍trust, she said a more⁣ in-depth examination of what‌ happened ⁤and what changes ​can prevent a⁣ recurrence will be necessary.

“A lot of this will likely come down ‍to⁣ the testing and ⁣software ⁣development process and the⁢ work they’ve put into testing these kinds of updates before​ deployment,” Mellen said. “But until we see the complete retrospective, we won’t know‌ for sure ‍what the ⁣failure was.”