July 23, 2024
By Vishal Rao - Chief Executive Officer, Skyhigh Security
Businesses in sectors like travel, government, healthcare, and others—and, by extension, their customers—had quite an awakening on July 19, 2024, when a massive IT outage sparked hours-long system failures across the globe. It’s important to note that this outage did not stem from a cyberattack; rather, it stemmed from a faulty software update pushed out by CrowdStrike. This resulted in machines using Microsoft operating systems affected by the software update to become immobilized in what some reports are referring to as the largest IT outage in history.
While this event did not affect the Skyhigh Security platform, it’s a good opportunity for all of us to reflect on just how interconnected and fragile the cyber ecosystem is and understand how we can best bounce back from disruptive incidents.
Due to the extent to which technology is fully ingrained in every part of our lives, it’s often not a matter of whether cybersecurity errors will occur but when and how they’ll be handled. As is also the case with data breaches, both human and machine errors can cause catastrophe; in this case, the error took the form of a bad software patch. The inevitability of such errors requires all organizations to have set-in-stone contingency plans to ensure they can jump into quick and effective action in worst-case scenarios.
In the case of this recent global IT outage, CrowdStrike took prompt action after identifying the issue and deployed the necessary fix as quickly as possible. They have also taken accountability for the inconvenience and disruption and are working closely with customers to ensure systems are back up and running. But despite these recovery measures, the question remains: what now?
First, organizations should be aware that bad actors will inevitably try to exploit situations like this. In fact, the SANS Institute remarks that adversaries may be leveraging the chaos to push out sham updates claiming to be CrowdStrike support. This is a critical reminder to all organizations: data security remains paramount while working to bring systems back online. Cyberattackers do not rest when the world is in shambles for a day; they thrive.
It’s also recommended that organizations invest in redundancies in their security infrastructure, implementing multiple layers via multiple vendors to prevent any instance of a single point of failure. Additionally, software vendors should learn from this incident and take the opportunity to optimize their testing strategies for software updates and double-check every line of code, however routine.
While the media headlines will eventually cease, mitigating the fallout from this event will take time. The best thing organizations can do is stay hypervigilant about data security and exercise solid judgment to avoid scams from opportunistic threat actors.
Back to Blogs