Date: 2024-07-19
INDUSTRY REACTION: The CrowdStrike issue will be one of the most significant cyber issues
July 2024 by Omer Grossman, CIO, CyberArk
Following the news that a CrowdStrike code update is bricking Windows machines around the world, here is commentary from Omer Grossman, CIO at identity security company CyberArk.
It appears, even in July, that the current event will be one of the most significant cyber issues of 2024. The damage to business processes at the global level is dramatic. The glitch is due to a software update of CrowdStrike’s EDR product. This is a product that runs with high privileges and protects endpoints. A malfunction in this can, as we are seeing in the current incident, cause the operating system to crash.
There are two main issues on the agenda: The first is how customers get back online and regain continuity of business processes. It turns out that because the endpoints have crashed - the Blue Screen of Death - they cannot be updated remotely and thus the problem must be solved manually, endpoint by endpoint. This is expected to be a process that will take days.
The second is around what caused the malfunction. The range of possibilities ranges from human error - for instance a developer who downloaded an update without sufficient quality control - to the complex and intriguing scenario of a deep cyberattack, prepared ahead of time and involving an attacker activating a “doomsday command” or “kill switch”. CrowdStrike’s analysis and updates in the coming days will be of the utmost interest.