By D. Maan, Jadetimes News
CrowdStrike to Enhance Software Testing After 'Bug' Causes Global IT Outage
CrowdStrike has promised to improve its software testing process after a 'bug' last Friday caused a global IT blackout. An incorrect content update for Windows, issued by the cybersecurity company, caused an enormous global IT outage. The company's error led to major disruption to the normal operations of banks, hospitals, and airlines, as millions of PCs displayed "blue screens of death."
In a full incident report posted on Wednesday, CrowdStrike said the outage was caused by a "bug" in the system that checks software updates. With this particular capability turned off, the system did not detect "problematic content data" in one file. The company says the incident could have been prevented with better software testing and more scrutiny from developers.
The failed update affected 8.5 million Microsoft Windows machines across the world. CrowdStrike chief executive officer George Kurtz apologized for the scale of the outage's impact. However, cybersecurity experts faulted the company for having committed "grave errors".
'What's clear from the post mortem is they didn't seem to have the right guardrails in place to prevent this type of incident or reduce the risk of it occurring,' said cybersecurity consultant Daniel Card. His views were echoed by cybersecurity researcher Kevin Beaumont, who tweeted: 'The fact CrowdStrike were not testing in waves was a major mistake of deploying with rapid response update strategy.'
Sam Kirkman, of cybersecurity company NetSPI, said that CrowdStrike had previously taken at least some steps aimed at preventing such an incident. Steps like these, he cautions, "have likely been effective to prevent incidents on countless occasions prior to last week."
Insurance company Parametrix said the top 500 US companies by revenue, excluding Microsoft, could have suffered $5.4 billion in financial losses from the outage, of which only $540 million to $1.08 billion was insured.
In connection with the incident, George Kurtz is going to be called to Congress in the coming weeks. Congress responded with a letter addressed to Kurtz, saying that "This incident must serve as a broader warning about the national security risks associated with network dependency" and giving CrowdStrike until Wednesday night to set up the hearing.
Going forward, CrowdStrike will work to harden its testing protocols in an effort to restore confidence in its software updates, so that customers can trust that their services will not be disrupted again.