On the disastrous Friday of July 19th, the CrowdStrike outage brought airports, banks, hospitals and retailers to their knees. The economic impact is huge and has yet to be estimated. For some people, the scenario was no different from the end of the world. The faulty update caused Windows systems to crash in the most pathetic way (BSOD™), and they could only be recovered manually. This sent thousands of IT personnel back to the stone age, able to solve the problem only by hand.

In my opinion, this outage might have opened a Pandora's box: how a cybersecurity company that was supposed to protect caused damage greater than any malicious actor could.

Unfortunately, CrowdStrike is not innocent. They broke some Linux servers in April 2024 (Source: Neowin); it is just that no one noticed because not many were affected.

This means something: CrowdStrike, as a cybersecurity vendor, has sloppy practices. In fact, very sloppy. Yet they get top-level administrative privileges on millions of users' computer systems, whilst most common users are given only the bare minimum permissions. Fortune 500 companies thought they had good IT security practices, yet they handed the nuke button to a sloppy cybersecurity company. Talk about black humour.

Second problem: there is no transparency in how CrowdStrike manages its daily operations. This might be true not only for CrowdStrike but also for many cybersecurity vendors. There is no way to look inside and ensure that these vendors are performing as they should. CrowdStrike obviously did not learn any lesson from the April 2024 incident, and so 3 months later, they finally nuked the world.

Third problem: the damage caused cannot be recovered in proportion. A single outage has already caused economic damage far greater than what a single cybersecurity company can bear. Affected companies will probably need to swallow the loss. Rumor has it that insurance companies are considering this event as “force majeure”, so they will not offer compensation either.

Final and foremost problem: things are probably not going to change. Big corporations are likely to keep managing their technology requirements the way they always have. Decisions will still be politically justified instead of technically justified. As long as someone is able to take the blame (in the current case, CrowdStrike), it will be fine.

But if the outlook is so grim, is there nothing we can look forward to?

No

We are entering a new era with more and more black swan incidents. Big players that rely on rigid practices in their daily business are starting to face challenges beyond their control. They can do nothing, because their hands are tied. This opens up opportunities for those who are not trapped by these rules of the game.

If you are working in the tech industry, never give up learning and constantly improve yourself. Be responsible for what you do.

When some 8.5 million computers were brought down on July 19th, what happened to those that were not affected? What advantages did they have, and what did they gain?

If another black swan incident comes tomorrow, are you prepared?