Crowdstrike’s cyber blunder could be warning of worse things come
Our laptops, desktops and phones, our businesses, data, emails, our access to internet information and services — really, anything digital that traverses cyberspace and passes through a computer server — are all dependent on support and protection from security companies whose staffing and software are sometimes imperfect. Not much you can do to change that. Bad actors are out there — smart, devious and often hidden far from the reach of your local law enforcement, said Jon Powell, cybersecurity expert and partner at Atlanta-based accounting firm Moore Colson.
“It is unfortunately just the world we live in,” he said. “I don’t need to be next door to you to rob you.”
That means all companies need digital gatekeepers, the way a modern power plant needs guards. So, companies — and their employees — depend on software supplied by specialists like Crowdstrike, an Austin-based firm that has become a world leader in protecting company servers from hacking, theft, manipulation and other cyber disruption.
But the gatekeeper can goof, too. The guard at the plant gate can fall asleep, get fooled or overpowered by an intruder. Or — as seems to have happened with Crowdstrike earlier this month — stumble unintentionally while making his rounds, perhaps cutting off electricity and sending much of the city into darkness.
With a company like Crowdstrike, a misstep can make for a global problem, which is what happened in the early hours of July 19 at servers around the world when Crowdstrike apparently sent out a faulty software update to many users of Microsoft systems.
It was a very big deal, causing inconvenience and costing billions, but it could have been so much worse.
Airline scheduling was disrupted, particularly for Delta Air Lines, and many thousands of passengers stranded, but no in-air passengers were imperiled. Some hospitals lost access to computer systems and cancelled non-urgent surgeries.
Many supermarkets and other businesses lost their transaction systems, so customers couldn’t pay for items. Some logistics companies had to delay delivery of some packages, but none of the impact was lethal.
In many ways, our tech systems are chains and we depend on all the links, said Zarik Megerdichian, CEO of Loop8, a California-based company that sells personal privacy controls for software.
“This event serves as a warning for the problems a single point of failure can cause,” he said. “We learned that businesses are only as secure as their weakest link and even the big players we all know and trust are vulnerable. In many ways, companies got off easy.”
At Georgia Power, for example, the Crowdstrike outage didn’t disrupt electricity service for its 2.7 million customers, even though the company’s online support and account access functions were impaired. Those services were restored by Monday, though the aftereffects of the technology meltdown bled into the early part of this week.
Mondays are always busy for the utility, but a Georgia Power spokesman said it was experiencing higher than normal call volumes to start the week. The crush of calls was likely because customers were temporarily unable to address issues or schedule service through the company’s online portals on July 19, the spokesman said.