The Day the Digital World Froze: Lessons from a Global Tech Crisis
The Windows outage caused by bugs in a CrowdStrike update has brought a lot of attention to the security world, with concerns about how a cybersecurity company could accidentally cause a disruption as bad as some of the worst cyberattacks, bringing back memories of WannaCry and NotPetya. Because cybersecurity is such a universal concern, as it should be, CrowdStrike was installed across devices in countless different business sectors. Airports, banks, hospitals, and many more critical infrastructure services were all affected. While it is good that all these services had devices with CrowdStrike installed, meaning that they were taking measures to protect themselves, this ended up becoming a single point of failure when an update caused these crashes.
It’s easy to blame CrowdStrike for creating this problem in the first place, and while it certainly highlights systemic issues in quality assurance as a whole in the tech industry, the basic fact is that accidents happen, and no amount of quality assurance will ever provide a one hundred percent guarantee of freedom from bugs.
The largest problem is that too many companies were relying on CrowdStrike, and only CrowdStrike, for their cybersecurity solutions. A single point of failure provides too many risks. It would be wise for the recent trend of consolidation to be reversed, and for companies to employ a multi-vendor strategy for their managed detection and response needs. This not only is more robust in the face of failure, but allows for multiple perspectives on the cybersecurity problems faced by companies on a daily basis, providing more tools to solve them with.