In This Article:
A global tech disruption occurred for some users of Microsoft (MSFT) systems on Friday. One issue is a CrowdStrike (CRWD) update to some Windows devices that impacted operations across companies worldwide. Defused Cyber Deception Researcher and Founder Simo Kohonen joins to discuss the implications for CrowdStrike and the broader cybersecurity landscape.
Kohonen explains that CrowdStrike "pushed out a faulty update" that, when installed, "broke everything," affecting industries globally. He emphasizes CrowdStrike's reputation as the "top number one cybersecurity company in the world" and notes that their extensive customer base amplifies the scale of this issue. While the issue is fixable, he cautions that the timeline for resolving this problem may vary.
"From a very technical perspective, if you want to run this type of software which has a lot of capabilities, with great power comes great responsibility," Kohonen told Yahoo Finance. He adds, "I think CrowdStrike will have a lot of conversations with their current customers and their future customers about what they're doing differently. They might take a short-term hit from it, but they're still an extremely reputable vendor."
Let's talk a little bit more about the outages for that we want to bring in simoco hone and he is diffused a cyber deception researcher and founder and diffuse is a Finland-based network security company. Simo. It's great to have you. Thanks so much for hopping on with us here at the top of the hour. I think first just take a step back, tell our viewers what exactly went wrong and what's happening right now.
Well, yeah, um so one of the biggest cybersecurity vendors in the world um seem to have pushed out a faulty update which essentially when it was installed, it broke everything. Um and that's why you're you're seeing so many companies out there just completely knocked down to their knees. Uh we're speaking of vendor here CrowdStrike who many many hold to be the the top number one cybersecurity company in the world. They have about 70 of the 100 uh Fortune 100 companies as customers. I think over 250 of the Fortune 500. Uh so the scale they have in in their customer base is huge and that's that's probably the biggest driver of the uh the issue at hand right now.
What what type of quality assurance tests do up like this updates like this go through typically before they even get pushed? Because it seems like this is something that maybe could have been avoided just to make sure that there was, you know, some compatibility with all of the different systems that are intertwined around what CrowdStrike offers here.
Yeah, I mean, um things happen, right? The the nature of the specific uh component that seem to have contained the uh faulty uh bits to it. Uh is something that sits in a very low level of of the computer systems. And so in these areas, like having one byte in the wrong direction can crash things. Um I'm extremely sure uh CrowdStrike has some very robust uh quality control testing routines all of that. Sometimes snafus like this can happen even you know, regardless of of whether they are running best practice.
See how long does it take to correct something like this?
Uh it depends a bit. I I know it's it's a a bit of a lame answer, but it depends very much on where the the agent is running. So if uh the the user of the agent can easily run the update routine or revert to the previous version, uh which is a a big if, then it should be fairly straightforward. Um I know some CrowdStrike customers hadn't actually received the update yet, so some dodged the the bullet completely. Um if it happens that they have to use uh the manual routine, which was a fallback provided by CrowdStrike for the situation. Uh again, depending on scale, it might take very long time, you know, between 5 to 10 minutes per per system uh to actually restart things and if you think about these scale of computer systems globally, you know, if you have to run this type of routine for a a a set of computers of, you know, in the scale of of thousands, then it can easily take quite quite a long time.
CrowdStrike CEO George Kurtz who is who has spoken with Yahoo Finance on multiple occasions before making some media rounds this morning, apologizing for this mistake and for this outage. What type of kind of longer term impact do outages like this have in terms of new new customers, net new customers that companies look to bring on to use their services like CrowdStrike is dependent on for their continued growth.
Well, I'm I'm very sure a lot of CrowdStrike competitors will will jump on the occasion and and, you know, jump on the opportunity to take take advantage of it. But from from a very technical perspective, you know, if you want to run this type of software, which which has a lot of capabilities, you know, with with great power comes great responsibility. It will you know, regardless of the vendor, it will require quite low level privileges to run. Um I think CrowdStrike will have a lot of lot of conversations with with their current customers and their future customers about what they're doing differently. Uh I think they might take a a short-term hit from it, uh but they're still an extremely reputable vendor. I'm very skeptical whether it'll turn into a a long-term uh bad thing for them essentially.
See real quick, we only have about 30 seconds here, but is this is something like this almost unavoidable or is there a way to prevent something like this from happening again?
Well, on on a long enough uh time scale, it's it's you could say that it's unavoidable. You know, mistakes happen and and uh even though this looks like a basic one, um sometimes we see things like this. I'm I'm sure we won't see another one in the in the next 10 years.
Related Videos
For more expert insight and the latest market action, click here to watch this full episode of Morning Brief.
This post was written by Angel Smith