The recent CrowdStrike software bug caused a massive global IT infrastructure failure. This incident highlighted a critical vulnerability in modern digital ecosystems: the risk of single-point failures. National and cybersecurity experts say the risk of such technical outages is increasing.
As shared by our CEO George Kurtz, more than 97% of Windows sensors are back online. We thank our customers, partners and the CrowdStrike team for their recovery efforts, and we remain committed to restoring every impacted system.
To our customers still affected, we’re here to…
— CrowdStrike (@CrowdStrike) July 26, 2024
They argue that the market needs to adopt better practices for competitive and secure software management. There is also a growing consensus that governmental regulations related to software updates and patches may become necessary. The CrowdStrike bug is part of a broader trend of large-scale IT failures resulting from single-point errors.
For example, earlier this year, AT&T had a nationwide outage due to a technical update. The Federal Aviation Administration (FAA) also faced an operational setback last year after a critical file replacement error. This prompted the FAA to adopt backup systems to prevent future occurrences.
Microsoft is calling for changes to Windows and resilience in the wake of the CrowdStrike outage. Microsoft appears to be starting the conversation about moving security vendors out of the Windows kernel. Full details below 👇 https://t.co/CVxEkz9gZ1
— Tom Warren (@tomwarren) July 26, 2024
Chad Sweet, co-founder and CEO of The Chertoff Group, said failures of this nature are becoming more frequent, even with routine software patching and updates. Sweet discussed the importance of single-point failure risk management and ongoing software maintenance. He pointed to the Secure Software Development Framework (SSDF) as a potential standard that Congress may consider more closely.
Sweet’s Chertoff Group is advising companies to review their software development and update standards in the wake of the CrowdStrike incident.
Managing single-point failure risks
He emphasized the importance of following established protocols to reduce risks associated with technical updates.
Aneesh Chopra, chief strategy officer at Arcadia and former White House Chief Technology Officer, spoke about the unique regulations overseeing critical sectors such as energy, banking, healthcare, and airlines. Chopra stated that business leaders must prioritize scenario planning and have contingency plans ready for system downtimes. Unlike many other issues in Washington, there is a bipartisan commitment to addressing vulnerabilities in critical infrastructure through technical standards.
Chopra predicted efforts to enhance the understanding and prevention of single-point failures. He encouraged fostering competition to improve accountability in the IT sector. The business-to-business software market, which is highly concentrated and dependent on single providers like CrowdStrike, may need a more open and competitive approach to technical updates.
This would ensure that procedures are followed meticulously, reducing risks associated with single-point failures. Despite potential fears of overregulation, Sweet advocates for market-driven solutions such as those used by the insurance industry. By rewarding companies with robust security practices through lower premiums, the market can incentivize good behavior.
Sweet also recommends embracing the concept of “anti-fragile” organizations, which not only survive disruptions but also thrive and outpace competitors in the aftermath. The CrowdStrike outage is a stark reminder of the vulnerabilities inherent in current software systems. Both Sweet and Chopra agree that this incident serves as a wake-up call.
It underscores the need for improved industry standards, regulatory oversight, and competitive practices to fortify global IT infrastructure.
April Isaacs is a news contributor for DevX.com. She is a long-term, self-proclaimed nerd. She loves all things tech and computers and still has her first Dreamcast system. It is lovingly named Joni, after Joni Mitchell.