LAS VEGAS, Nev. (FOX5) – Airlines, banks, hospitals, schools, businesses and emergency services were among those impacted by a large-scale technology outage that stemmed from a software update error by cyber security firm CrowdStrike.
According to the Associated Press, the incident affected its customers running Microsoft Windows, the world’s most popular operating system for personal computers. That is one reason why the incident was so widespread, according to cyber experts.
Chief Technology Officer Shannon Wilkinson, with Las Vegas Cyber Security company Tego Cyber, says CrowdStrike is a trusted name in cyber security. FOX5 asked Wilkinson what steps companies can take to prevent the massive disruptions that happened.
“I think the big learning lesson here is having a contingency plan and being able to answer the question of, what does my business do if we no longer have access to our IT systems? How do we still serve our customers? How do we minimize the impact to the services that we provide,” said Wilkinson.
She also said some organizations were protected from the software error.
“One of the things I think that possibly saved some organizations from being affected by this bad software update was that they do not automatically update their systems. So, when CrowdStrike has an update they’ll take that update, they’ll test it out on some machines, make sure that that does not break anything,” said Wilkinson.
However, Wilkinson says the problem with not accepting automatic updates, is that cyber criminals could exploit a security vulnerability, if that vulnerability is not automatically patched. She says that could r
esult in a data breach or ransomware attack. Wilkinson says that puts organizations between a rock and a hard place.
“Do you automatically update so you’re protected instantly, or do you say I want to test it first before I implement it in my organization to make sure that it doesn’t break anything,” said Wilkinson.
The company’s CEO, George Kurtz, said he’s “deeply sorry” for the widespread outages. He also said this was not a security incident or cyber-attack.
Leave a Reply