Feed aggregator

On July 19, approximately 8.5 million Windows machines were blocked causing flight cancellations, banking disruptions and media outages around the world. Major US airlines, including American Airlines, United Airlines, and Delta had to cancel flights due to communication problems. Banks and stock exchanges, including the London Stock Exchange, Lloyds Bank, and South Africa's Capitec, faced similar problems. The failure also affected the Visa and Mastercard payment gateways, according to DownDetector data.

The outage led to serious financial distress. For instance, the cancelation of almost 7,000 flights by Delta could cost the company from $350 million to $500 million. According to some estimates, the total direct loss facing the US Fortune 500 companies, excluding Microsoft, was $5.4 billion. The healthcare sector has been hit the hardest, with projected losses of $1.94 billion, followed by the banking sector with $1.15 billion in estimated damages. The airline industry also experienced significant disruptions, leading to an estimated $860 million in losses. Fortune 500 companies alone could incur direct losses of $5.4 billion.

What went wrong

The outage was caused by errors in an update of the Falcon security platform by information security solutions provider CrowdStrike, as the company later explained. Interestingly, the update was successfully tested on March 5, but the error could not be noticed due to a bug in the diagnostic software.

CrowdStrike also noted that it usually provides security content configuration updates in two ways: one through Sensor Content, which comes with the Falcon Sensor component, and the other through Rapid Response Content, which flags new threats using various behavioral pattern-matching methods. The latter was the one that contained the previously undiscovered bug.

Why did this mistake lead to blue screens around the world? The reason lies in the relation between this kind of endpoint protection software like Falcon and operating systems: there is no way to limit such software from controlling the operating system, as doing so would open the possibility for a virus to take over. This scenario would negate the very purpose of having a security application in place, as it would allow malicious entities to bypass the protection measures entirely.

Gradual upgrades and regular backups

Despite the significant impact of the recent incident on companies and organizations, it is unlikely that there will be a widespread abandonment of CrowdStrike products. Solutions like Falcon are deeply embedded in IT infrastructures and have been developed and refined over decades. Replacing them is time-consuming and costly. In addition, there is no guarantee that alternatives would not lead to the same troubles.

However, this incident shed light on some burning issues in the tech industry. One of them is the lack of diversity. Nowadays the market is dominated by just a few major vendors, and this concentration of control is precisely why the impact of the incident was so widespread. To mitigate such risks in the future, it's crucial to develop and invest in alternative solutions, including cloud-based options. This is the key takeaway we should derive from this situation.

Furthermore, while accountability for the accident rests with CrowdStrike, businesses also need to incorporate new approaches to security. One of them is to constantly back up their data. Companies that do that regularly probably were also less impacted by this outage, in my opinion. Some system software usually updates itself over the night or in the morning. If something goes wrong, the firm can just roll that out. So another suggestion for business, and we've been saying that again and again for decades, is that you should have some backup procedure applied, running, and regularly tested.

I also think that companies that keep their infrastructure in the cloud, coped with the consequences of this outage quicker than others thanks to virtualization and API-based scripts. For AWS-hosted and Microsoft Azure-hosted virtual machines, the instructions are usually published in a matter of hours. Moreover, it does not take much time to imply those instructions compared to doing that for a full park of bare metal servers. Therefore, probably more firms would switch to cloud-based solutions. If 20% companies would do that, it would be a fantastic win for our industry. But I believe, only 5-15% would actually go for that.

Future updates

In addition, future updates are also better deployed gradually. It means first upgrading a small subset of systems, then monitoring their performance, and extending changes to a larger group of systems. With this strategy in place, it would take more time for businesses to update everything, but it would help them to avoid such massive damages as we have seen today.

There are some steps that regulators could take too. Many companies create a risk model to assess potential threats and choose appropriate cyber defense solutions. However, regulators sometimes mandate specific cybersecurity measures without considering if all businesses truly need them. For example, they might require the installation of antivirus software without verifying its necessity for every company. As a result, some businesses end up purchasing cybersecurity solutions just to comply with regulations, rather than based on their actual needs. It's likely that from 50% to 90% of affected companies would not have been impacted if they had not installed CrowdStrike or other EDR and XDR software products solely for compliance reasons in the first place.

Overall, I hope that the situation will bring more positive change to the industry and help transition to safer cybersecurity practices.

We've featured the best business cloud storage.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

After a federal judge ruled in August that Google is illegally monopolizing the search engine market, the Department of Justice is now saying the company must be reined in.

(Image credit: Leon Neal)

Here are the answers for The New York Times Mini Crossword for Oct. 9

Subscribers can play these games and more starting in November.

Beef, fish, chicken, pork or whatever -- these best pellet grills will turn your favorite meals into enjoyable dishes with a smokey flavor.

Researchers found that Hurricane Helene was stronger, rainier, and significantly more likely because of climate change. The U.S. can expect more such storms in the future as warming continues.

(Image credit: Joe Raedle)

President Biden on Tuesday set a 10-year deadline for cities across the nation to replace their lead pipes, finalizing an approach aimed at ensuring that drinking water is safe for all Americans.

(Image credit: Susan Walsh)

MediaTek's Dimensity 9400 chip supports advanced AI capabilities on phones along with performance improvements.

Here are some hints — and the answers — for Connections No. 486 for Oct. 9.

Here are some hints, and the answers, for the Oct. 9 Strands puzzle, No. 220.

Here are some hints and the answer for Wordle No. 1,208 for Oct. 9.

If you're a back or stomach sleeper and need a supportive new mattress, the Helix Twilight may be worth considering. Here's what our sleep experts thinks of this Helix mattress.

Sony's active noise-canceling WH-1000XM5 headphones are under $300 right now -- a record-low price.

A new HBO documentary takes a swing at uncovering the real identity of Satoshi Nakamoto, inventor of Bitcoin. But without incontrovertible proof, the myth lives on.

Understanding your pet's genes can help keep them healthy and happy. Try the Basepaws Cat DNA Test Kit today for $85 -- a fraction of the usual cost.

The Justice Department said the man was inspired by the Islamic State militant organization and was plotting an Election Day attack targeting large crowds in the U.S.

(Image credit: Charlie Neibergall)

Keep things green with the Rachio game-changing Smart Sprinkler control system, currently discounted by $87, thanks to this Prime Day deal.

T-Mobile and SpaceX are extending their Helene collab as another hurricane nears landfall.

Get the basic DNA test kit for just $39 right now, a massive 61% in savings.

Storm-related fraud can happen after a natural disaster like Hurricane Helene or Hurricane Milton.