CrowdStrike recently became the very “single point of failure” that company executives warned about just weeks before a devastating software update that took down Microsoft Windows-powered computers around the world, crippling everything from airlines to banks.
PC Mug Reports On July 19, 2024, the cybersecurity world experienced a moment of irony when CrowdStrike, a prominent cybersecurity company, found itself at the epicenter of a global computer crash. The incident occurred just weeks after one of the company’s CEOs warned about the dangers of relying on a single provider for critical IT functions.
Drew Bagley, vice president and privacy and cyber policy counsel at CrowdStrike, said: The Washington Post Speaking at the Securing Cyberspace event in June, he highlighted the risks associated with organisations becoming overly reliant on a single vendor for their IT needs. His words, delivered as a warning, seem eerily prophetic given recent events.
During his talk, Bagley emphasized the importance of resilient digital architectures and secure software deployment. “You need to develop your code in a secure way and validate your deliverables,” he warned. “But it’s also important to deploy software in a resilient way that reduces risk in your digital ecosystem, not adds to it.”
At the heart of Bagley’s argument was the concept of a “single point of failure.” He painted a scenario in which an organization’s entire IT stack, including operating systems, cloud services, productivity tools, email, chat, collaboration platforms, video conferencing, browsers, identity management, and even security, were all provided by a single vendor. In that case, Bagley warned, “the building materials, the supply chain, and even the building inspectors would all be the same.”
At the time, industry observers interpreted Bagley’s comments as a allusion to Microsoft, referring to a scathing assessment of the tech giant’s security culture by a cybersecurity review board following the previous summer’s breach of government email systems by Chinese-backed hackers.
But the events of July 19th shifted the focus heavily to CrowdStrike itself, when a botched update to the company’s Falcon software crashed Windows PCs around the world and put many computers into a boot loop. The recovery process proved to be lengthy and laborious, with Microsoft suggesting affected systems may need to be rebooted up to 15 times in succession.
The incident made CrowdStrike a perfect example of the very risk Bagley warned about: The company’s software updates became a “single point of failure” for many organizations, demonstrating how even security providers can unintentionally introduce vulnerabilities into the systems they protect.
As organizations struggle with the fallout from the CrowdStrike updates, Bagley’s closing remarks from his June speech take on even more significance: “We can no longer tolerate solutions or architectures that are at risk of collapse due to a single point of failure.”
Click here for details PCMag is here.
Lucas Nolan is a reporter for Breitbart News covering free speech and online censorship.
