
CrowdStrike Incident Exposes Global Cybersecurity Vulnerabilities

Ngoc Phuong


10-08-2024

On July 19, 2024, the tech world witnessed one of the most severe incidents in history as countless computer systems worldwide were crippled. The cause was traced to a critical flaw in an update of CrowdStrike's Falcon security software, one of the "giants" in the cybersecurity sector. This event not only exposed significant vulnerabilities in the global cybersecurity infrastructure but also raised major questions about our reliance on technology and the inherent risks involved.

Weeks Needed to Resolve the CrowdStrike Incident

CrowdStrike is one of the largest cybersecurity companies globally, and its flagship product is the Falcon anti-hacker software. Falcon is allowed to intervene at the deepest level of a computer system in order to detect and neutralize threats within a company's network infrastructure.

To keep up with the increasingly complex cybersecurity landscape, Falcon requires constant security patches and updates. The incident occurred when their update on the night of July 18th, into the morning of July 19th, contained faulty code, causing computers using this software to continually restart.


Although CrowdStrike released a patch as soon as the problem emerged, resolving it was time-consuming because Falcon intervenes so deeply in the system and because of the nature of the flaw. The only way for companies to proactively install the patch was to do so manually on each affected machine.

For large companies with hundreds or thousands of computers, this process was extremely time-consuming.

Bloomberg quoted Michael Henry, President of Accelerynt Cybersecurity, who stated that one of his clients had to deploy their entire IT team to work 24/7 to fix 6,000 computers. This process could take up to three weeks.

Resolving the issue doesn't stop at getting the computer systems back online. In some complex industries like aviation, it also involves rescheduling affected flights. U.S. Transportation Secretary Pete Buttigieg shared, "Flights operate in sequence, so even after the initial issue is resolved, you still feel its impact afterward."

Damned if You Do, Damned if You Don't

While CrowdStrike has accepted responsibility, they have yet to disclose the specific cause of the incident. Many veteran cybersecurity experts point out that CrowdStrike and other cybersecurity firms have overlooked basic quality control protocols to expedite updates, thereby boosting their reputation and profits.

Federico Charosky, CEO of Quorum Cyber, stated, "It's time for this industry to mature and slow down. Clearly, quality assurance is being neglected, and many are choosing shortcuts to finish quickly."

Goldman Sachs also addressed this issue in a notice to investors, suggesting a solution: "In our view, compared to other tech products, cybersecurity products need to meet higher standards of reliability and security. We believe this incident will raise the bar for entry into the industry and increase demands on update processes, incident management, and customer service to industry-leading levels."

Many experts caution that mistakes in cybersecurity are inevitable due to the continuously evolving nature of the industry. "Patches and bug fixes happen regularly. The difference now is that cloud services amplify the scale of the impact," said Associate Professor Lee McKnight at the School of Information Studies, Syracuse University (USA).

Thus, it is necessary not only to find solutions to prevent incidents but also to minimize the scale of their impact in the future.

A computer freezes, showing a blue screen

The CrowdStrike incident had such a significant impact because the company holds 14.74% of the global market share in security software, second only to Microsoft's 40.16% market share. If the services of either company were suddenly attacked or "went down," the consequences would be catastrophic.

Therefore, one clear mitigation measure is to encourage companies to diversify their security solutions, thereby "diluting" the cybersecurity market share.

According to Sputnik News, Russian aviation was completely unaffected by the CrowdStrike incident thanks to using domestically developed check-in systems and security tools. After the incident, a representative from a major Russian airport declared their readiness to share their system with other airports as a contingency plan.

Complexities in Compensation

According to Bloomberg, cybersecurity and legal experts assert that CrowdStrike will undoubtedly face numerous lawsuits, demands for compensation, or other forms of penalties. However, determining who is liable and in what manner remains complex due to the incident's widespread impact on various industries.

For now, specifically within the aviation industry, many airlines have proactively implemented compensation measures for passengers who experienced delays or cancellations.

United Airlines and American Airlines, for instance, waived fees for new bookings and the fare difference for those affected. Additionally, the airlines provided meals or hotel accommodations for passengers experiencing significant delays.
