CrowdStrike glitch disrupts 8.5 million Microsoft devices globally
A recent global IT outage brought to light the critical necessity for both public and private organisations to establish comprehensive business continuity management plans, IT disaster recovery strategies, and rigorous system testing between security software vendors and their clients.
Experts advocate for organisations to diversify their technology portfolios and adopt a balanced approach to cloud-based technology to mitigate risks.
Bloomberg reports that a software update glitch from cybersecurity firm CrowdStrike Holdings Incorporated impacted 8.5 million devices worldwide running on the Microsoft Windows operating system.
By yesterday, CrowdStrike confirmed that a significant portion of the affected Microsoft devices had been restored and were operational, according to Reuters.
Pochara Arayakarnkul, CEO of digital transformation consulting firm BlueBik Group, highlighted the extensive repercussions of the IT system outage. Numerous businesses dependent on CrowdStrike faced significant disruptions, affecting essential service providers such as hospitals, airlines, and government agencies.
“This incident has highlighted the vulnerabilities inherent in our interconnected digital infrastructure, exposing businesses to operational risks that can cascade across sectors.”
While third-party software dependencies pose inherent risks, thorough preparation through business continuity management and IT disaster recovery planning can significantly enhance an organisation’s ability to manage and recover from unexpected events, said Pochara.
“By prioritising resilience and readiness, businesses can minimise the impact of outages and uphold operational continuity, safeguarding their reputation and ensuring customer trust.”
Faulty software update
Satnam Narang, senior staff research engineer at US-based cybersecurity company Tenable Inc, explained that the faulty software update deployed via the auto-update mechanism caused Microsoft’s Windows operating system to crash.
“Given the extensive use of this software globally, the outage affected a wide range of systems, including those in critical infrastructure.
“This unprecedented outage has shown us just how reliant our society and critical systems are on software working correctly at all times. And this is a perfect example of why we should never put all our eggs in one basket and rely on a single vendor — whether this is CrowdStrike, Microsoft or anyone else.”
Narang compared this to retirement savings, where one would not rely on a single approach, emphasising that diversifying technologies is essential to limit risk.
Firms are advised to maintain robust outage and incident response plans, which should be regularly practised and updated to enable rapid recovery and deployment of alternative solutions in case of major disruptions.
This incident likely led IT managers to reconsider the automatic application of vendor updates without prior testing, Narang noted.
Narang suggested that policymakers promote a balanced approach to cloud-based technology adoption. While cloud services offer scalability and efficiency, heavy reliance on a few major tech vendors can create single points of failure. Diversifying technology providers and fostering the development of robust, multi-cloud strategies can bolster resilience.
Advocating for open standards and interoperability between different cloud services can help mitigate risks associated with vendor lock-in and enhance overall system resilience, reported Bangkok Post.