
I can’t let the debacle with CrowdStrike go by without comment. It is so ironic that software designed to protect businesses from cyber security attacks caused a huge amount of disruption. Its strapline, after all, is: Stop breaches. Drive business.
According to Microsoft, 8.5 million Windows hosts were affected by CrowdStrike’s blunder, which is 0.6% of the estimated 1.4 billion Windows 10/11 install base.
Blunder is an understatement, and it may well have put the cause of cyber security back, in that it will give those who need one an excuse not to update their devices on a regular basis.
The newspapers went to town, claiming it was the end of the world and that we should abandon technology and go back to cash. Yet other operating systems are available and less than one percent of Windows devices were affected. Whilst some high-profile industries ground to a halt, notably the airline industry, the majority weren’t affected at all. Indeed, it wasn’t until I read about it on social media sometime later on in the day that I became aware of the issue. If I hadn’t checked, it could have passed me by completely.
Mistakes happen, I get that, and IT systems are highly complicated and interdependent, but I cannot understand how CrowdStrike’s release got into the production environment. There must, one hopes, have been extensive testing. There must, one hopes, have been a sign-off process, both internally within CrowdStrike and also in Microsoft. There must, one hopes, have been customers involved in the testing and release schedule. Yet somehow the release got through.
So what does this incident tell us?
- Keeping software up to date is vital for security. One mistake, however calamitous, does not affect this; after all, if there were no security threat, CrowdStrike would not have had to release anything.
- The world of IT is complicated and interdependent; mistakes can have dramatic and unexpected consequences. Testing and testing and testing is vital. It should be carried out in an environment which reflects the customers’ experience and should involve them as much as possible.
- News of the demise of information technology is premature.
Many people owe a huge debt of gratitude to the IT teams who will have worked tirelessly to get all the systems back up and running.