Global computer crash shows the dangers of technological dependence

"Blue Screen of Death"

Airlines, banks, hospitals and many other organizations around the world have chosen cybersecurity company CrowdStrike to protect their computer systems from hackers and data breaches.

However, a faulty CrowdStrike software update caused global disruption on July 19 that canceled flights, shut down banks and media outlets, and disrupted hospitals, retailers and other services.

Affected computers displayed a "blue screen of death," a sign that something went wrong with Microsoft's Windows operating system.

"This shows that technology is at the backbone of our entire IT infrastructure," said Gregory Falco, associate professor of engineering at Cornell University. "The chaos happened because almost everyone was using the same company's services, so everyone's internet went down at the same time."

CrowdStrike said the issue involving an update the company released that affected computers running Microsoft's Windows operating system was not a hack or cyberattack. CrowdStrike apologized and said a fix is ​​being rolled out.

While not everyone is a CrowdStrike customer, it is one of the leading cybersecurity service providers, especially in transportation, healthcare, banking, and other sectors that have high risks in keeping their computer systems up and running.

“They are typically risk-averse organizations that want to be protected when something goes wrong. CrowdStrike provides that service. And when they see their peers in other industries using it, they believe they will need it too… Ultimately, the biggest companies all use the same service,” Falco said.

Reliance on an AI startup

Founded in 2011 and only publicly traded since 2019, CrowdStrike describes itself as “reinventing cybersecurity for the cloud era and transforming how cybersecurity is delivered for the customer experience.” The startup emphasizes the use of artificial intelligence (AI) to help it keep up with competitors. The company reported 29,000 signed-up customers at the beginning of this year.

Thanks to the explosion of technology and catching up with the AI ​​trend, this Austin, Texas-based company has quickly become the most famous cybersecurity company in the world. They even spend a lot on advertising, including expensive ads during Super Bowl matches.

CrowdStrike CEO George Kurtz is one of the highest-paid people in the world, recording total compensation of more than $230 million over the past three years. Kurtz also drives for a race car team sponsored by CrowdStrike.

Following the incident, Kurtz admitted his mistake and apologized: "We understand the seriousness of the situation and are deeply sorry for the inconvenience and disruption."

Security experts say a routine update to CrowdStrike cybersecurity software appears to have failed to undergo adequate quality testing before being deployed.

The latest version of the Falcon software is designed to make CrowdStrike customers' systems more secure from hackers by updating the threats it protects against. But faulty code in the update files has caused one of the biggest computer problems in recent years for companies using the Windows operating system.

Richard Stiennon, a cybersecurity industry analyst, said it was a historic mistake by CrowdStrike. “This is certainly the worst mistake, technical error, or glitch by any security software vendor ever,” he said.

While the issue has an easy technical solution, its impact could be long-lasting for some organizations because each affected computer needs to be repaired, he said.

Forrester analyst Allie Mellen credits CrowdStrike for being clear with customers about what they need to do to fix the problem. But to restore trust, she says it will take a deeper look at what happened and what changes can be made to prevent it from happening again.

Ngoc Anh (according to AFP, AP)