
“While most companies don’t really have an alternative to Microsoft, they do have secure alternatives. This may force many companies to rethink the security products they use and whether they need to diversify across different security products to prevent this type of outage.”
The IT industry can’t believe that such a big mistake could happen, one that paralyzed many systems around the world and in Croatia on Friday. The losses must be huge, but it is also a warning to be more careful in choosing suppliers and to increase efforts. Neven Zitek, an expert from Span, commented for Hina on IT investments.
The global incident is believed to have been caused by a problem with a software update on the Windows operating system from US cybersecurity company CrowdStrike, the largest such software update in the world to date.
How is that possible?
Zitek said the IT industry was in disbelief: “How could a manufacturer not catch such a serious bug before it was distributed to end users?”
Zitek is the head of the cyber incident response department at domestic IT company Span, which also operates internationally and works closely with Microsoft.
When asked if this was “just” a technical incident/bug, or if it could be partially considered a cyberattack, he responded that such a large and global company could itself be a target for supply chain attacks precisely because of its large number of users and global reach.
“However, from all available information and statements from company executives, this was an error that occurred after an update of a security solution, the purpose of which was to prevent system outages due to cyberattacks. In this specific incident, the error in the CrowdStrike software manifested only on the Windows operating system, and there was a connection between the initial information about the Windows error that caused the system outages and CrowdStrike itself. Organizations using other solutions were not affected by these outages,” Zitek said.
Regarding the importance of CrowdStrike software in the world of IT and its global use, he pointed out that the company is one of the world leaders in cybersecurity software solutions and, according to available information, works with tens of thousands of companies, namely approximately 24,000 organizations in the world.
The damage will surely be great.
When asked about the amount of losses that could be caused by the error, namely due to downtime of many companies and systems in the world, from aviation, healthcare, banking to trade, media, etc., Zitek said that the losses would certainly be huge.
“We have already seen this on Friday with announcements about airport and air transport closures, payments, media outlets, schools, public and health sector closures. The magnitude of the impact will depend largely on the organizations affected and how quickly they are able to establish a normal work regime. Additionally, CrowdStrike’s stock price has fallen, while we have seen its competitors’ stock prices rise,” Zitek said.
However, he stressed that these were “temporary impacts” and the real impact would be seen through market performance.
He believes the competition may use this moment to provide a more favorable solution transition for CrowdStrike users.
“I also expect that in the future users will be more careful in the way they choose their suppliers, and that suppliers will eventually accept their role in the value chain towards the end user. In addition to the specific damage caused, the immeasurable monetary loss is also important, that is the loss of trust,” said Span’s cyber incident expert.
The problem is solvable, but it requires human intervention and time
Regarding the technical aspects of eliminating the problem and returning the affected systems to work, Zitek said that the manufacturer itself had provided a “workaround” on Friday morning (our time), but “unfortunately, it also involves manual intervention on each computer,” since there is currently no automatic solution to eliminate the fault on all computers at the same time.
This can lead to troubleshooting delays, which are entirely dependent on the number of IT service personnel available and how quickly they can apply the workaround and resolve the issue.
Croatia is not an island in cyberspace
This happened in many countries, including Croatia, where this solution is also used.
“Since it is one of the leading protection software solutions, it is not surprising that some Croatian companies were also affected by the bug. From media headlines and announcements, we saw that air transport and flight control, media agencies were affected. In any case, we must not forget that we cannot consider Croatia as an island, because we are all interconnected in cyberspace and many of the services we use come from global service providers,” Zitek added.
Higher cost of doing business
He explained that this is a specific type of software solution that organizations commonly use, typically choosing the one that works best for them at the time based on the allocated budget, and that such software updates are usually rolled out automatically without human intervention, so every error has an immediate impact on the information system.
The failure of critical systems raises the question of recovery and business continuity planning, where resources to ensure business continuity mean higher costs, which are often unacceptable to organizations.
“Such specific events are indeed rare, and therefore difficult to justify from a risk management perspective. However, if they occurred frequently enough, then organizations would need to build resilience to such disruptions into the system design itself. In theory, protection is possible, but the mechanisms are fairly complex and difficult to justify economically,” Zitek said.
There have been similar incidents
Zitek said similar incidents have happened before, but not with such consequences, because the world is even more dependent on digital services today, so the consequences are greater.
The largest and most well-known of these was the 2020 cyber incident related to the SolarWinds software solution, which cybercriminals managed to penetrate, gaining access to a large number of private and public organizations, government agencies, etc. Although it did not cause system downtime at the time, it pointed out the importance of supply chain management and the vulnerabilities that arise from using one or another software solution in our business.
Cloudflare in 2020, Microsoft Azure in 2019 and Amazon Web Services in 2020 have also experienced service outages that had global impacts, but Zitek said “it appears that they have successfully incorporated the lessons learned into their operating models, as no new major outages have been recorded since then.”
“Organizations today are highly or even fully digital, which means they have to invest in resilience to disruptions in cyberspace, which can be numerous. Regardless of the technological solutions used, when the worst happens, recovery will depend entirely on how well prepared we were before the incident and whether we have the right people in place. People are key and it is necessary to ensure they are aware of the challenges, educated and well prepared. This is why we run various educational programs through the Span Cybersecurity Center,” concludes Zitek.
Desolation around the world
U.S. cybersecurity company CrowdStrike became a household name for the wrong reasons on Friday after a botched software update caused “havoc” around the world, and the “CrowdStrike mess” could prompt a rethink among investors and buyers, analysts said.
Among the consequences, they noted, was a drop of more than 11% in the company’s shares on Friday as a result of technical errors that caused disruptions and interruptions to work in multiple industries around the world — from shutting down public services and halting flights to being unable to broadcast media programming and others.
CrowdStrike, which was previously valued at about $83 billion, is one of the world’s most popular cybersecurity providers, with nearly 30,000 subscribers worldwide. The company is also a software darling among investors due to its growth and high profit margins, with its shares doubling over the past year before falling on Friday.
But analysts said the disruption to many systems due to a technical error could force customers and investors to reconsider their reliance on the company, opening the door to potential competitors such as Palo Alto Networks, whose shares rose 1.7% on Friday. SentinelOne rose 3.6%.
Gil Luria, senior software analyst at DA Davidson, commented: “This incident is a reminder of how complex and intertwined our global computing systems are, and how prone they are to error.”
“While most companies don’t really have an alternative to Microsoft, they do have alternatives in terms of security. This may force many companies to reevaluate the security products they use and whether they need to diversify into different security products to prevent this type of outage,” Luria added.
Security officials at several companies expressed displeasure with CrowdStrike but did not disclose plans to end work with the vendor, while analysts said that while Friday’s incident hurt CrowdStrike, they did not expect competitors to take away much market share as a result of it.
CrowdStrike CEO George Kurtz said in a post on social media platform X that the incident was not a security incident or cyberattack and that “fixes are in place.” He later apologized for the impact on the company.
“Disruptions do occur and are meaningful at scale, but we think CrowdStrike’s diligence and effective response will help,” said analysts at JPMorgan.
Daily News