Airlines, banks, hospitals and other risk-averse organizations around the world chose cybersecurity company CrowdStrike to protect their computer systems from hackers and data breaches.
But all it took was one faulty CrowdStrike software update to cause Friday that grounded flights, knocked banks and media outlets offline, and disrupted hospitals, retailers and other services.
鈥淭his is a function of the very homogenous technology that goes into the backbone of all of our IT infrastructure,鈥 said Gregory Falco, an assistant professor of engineering at Cornell University. 鈥淲hat really causes this mess is that we rely on very few companies, and everybody uses the same folks, so everyone goes down at the same time.鈥
The trouble with and affecting computers running Microsoft's Windows operating system was not a hacking incident or cyberattack, according to CrowdStrike, which apologized and said a fix was on the way.
But it wasn't an easy fix, requiring 鈥渂oots on the ground鈥 to remediate, said Gartner analyst Eric Grenier.
鈥淭he fix is working, it鈥檚 just a very manual process and there鈥檚 no magic key to unlock it,鈥 Grenier said. 鈥淚 think that is probably what companies are struggling with the most here.鈥
While not everyone is a client of CrowdStrike and its platform known as Falcon, it is one of the leading cybersecurity providers, particularly in the transportation and banking sectors that have a lot at stake in keeping their computer systems working.
鈥淭hey鈥檙e usually risk-averse organizations that don鈥檛 want something that鈥檚 crazy innovative, but that can work and also cover their butts when something goes wrong. That鈥檚 what CrowdStrike is,鈥 Falco said. 鈥淎nd they鈥檙e looking around at their colleagues in other sectors and saying, 鈥極h, you know, this company also uses that, so I鈥檓 gonna need them, too.鈥欌
Worrying about the fragility of a globally connected technology ecosystem is nothing new. It's what drove fears in the 1990s of a technical glitch that could cause chaos at the turn of the millennium.
鈥淭his is basically what we were all worried about with Y2K, except it鈥檚 actually happened this time,鈥 wrote Australian cybersecurity consultant Troy Hunt on the social platform X.
But what's different now is 鈥渢hat these companies are even more entrenched,鈥 Falco said. "We like to think that we have a lot of players available. But at the end of the day, the biggest companies use all the same stuff.鈥
