One year since Crowdstrike global outage. What has changed since?


Euronews, 4 days ago
One year ago, a faulty update from a cybersecurity firm took down hospitals, airlines, banks, and government offices around the world.
On July 19, 2024, Crowdstrike pushed an update to its Falcon program used by Microsoft Windows computers to collect data on potential new cyberattack methods.
The routine operation turned into a 'Blue Screen of Death' (BSOD) for roughly 8.5 million Microsoft users in what many considered one of the largest internet outages in history.
The fallout meant significant financial losses for Crowdstrike's customers, estimated at around $10 billion (€8.59 billion).
"There were no real warning signs that an incident of this nature was likely," Steve Sands, fellow of the Chartered Institute for IT, told Euronews Next.
"Most organisations that rely on Windows would have had no planning in place to cater for such an event".
But what did Crowdstrike learn from the outage and what can other companies do to avoid the next one?
'Round-the-clock' surveillance of IT environment needed
A year after Crowdstrike, outages at banks and 'major service providers' would suggest that the cybersecurity community hasn't changed much, according to Eileen Haggerty, vice president of product and solutions at cloud security company NETSCOUT.
So far this year, a cloud outage from Cloudflare brought down Google Cloud and Spotify in June, changes to Microsoft's Authenticator app led to an outage for thousands using Outlook or Gmail in July, and a software flaw at SentinelOne deleted the critical networks necessary to keep its programs running.
Haggerty said that companies need visibility so they can respond to possible software problems before they happen, which means 'round-the-clock monitoring' of their networks and their entire IT environment.
Haggerty suggests that IT teams conduct 'synthetic tests,' which simulate how a site would handle real traffic before a critical function fails.
These tests would provide companies 'with the vital foresight they need to anticipate issues before they even have a chance to materialise,' she added.
In a blog post, Microsoft said that synthetic monitoring is not airtight and is not always 'representative of the user experience,' because organisations often push new releases, which can cause the whole system to become unstable.
The blog post added that synthetic monitoring can improve the response time to fix a mistake once it is spotted.
After an outage happens, Haggerty also suggests building a detailed repository of information about why the incident happened so that companies can anticipate potential challenges before they become an issue.
Sands said these reports should include plans for resilience and recovery, along with an evaluation of where the company has a reliance on external companies.
Any company looking to build with "resilience" should do it as early as possible, since it is difficult for it to be "bolted on later," he said.
"Many companies will have updated their incident response plans based on what happened," Sands said.
"However, experience tells us that many will already have forgotten the relatively short-term impact and chaos caused and will have done little or nothing".
Nathalie Devillier, an expert at the EU European Cyber Competence Centre, told Euronews last year that European cloud and IT security providers should be based on the same continent.
"Both should be in the European space so as not to rely on foreign technology solutions that, as we can see today, have impacts on our machines, on our servers, on our data every day," she said at the time.
What has Crowdstrike itself done after the outage?
Crowdstrike said in a blog post this month that it developed a self-recovery mode to 'detect crash loops and … transition systems into safe mode' by itself.
There's also a new interface that gives the company's customers greater flexibility to test system updates, such as setting different deployment schedules for test systems and critical infrastructure so that they are not updated at the same time.
A content pinning feature also lets customers lock specific versions of their content and choose when and how updates are applied.
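The three controls described above (separate deployment schedules for test and critical systems, content pinning, and crash-loop recovery into safe mode) can be modelled together. The following Python is an added example, not Crowdstrike's code and not part of the original article; the ring names, the threshold of three crashes in ten minutes, and every function name are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional
CRASH_LIMIT = 3        # assumed: this many crashes ...
WINDOW_SECONDS = 600   # assumed: ... inside this window count as a crash loop

@dataclass
class Host:
    name: str
    ring: str                  # "test" or "critical" (hypothetical ring names)
    pinned: Optional[str]      # content version the customer locked, if any
    active: str                # content version currently loaded
    last_good: str             # version to fall back to
    safe_mode: bool = False
    crashes: list = field(default_factory=list)

def offer_update(host, version, now, schedule):
    """Apply `version` only when the ring is due and no pin or safe mode blocks it."""
    blocked = host.safe_mode or host.pinned not in (None, version)
    if blocked or now < schedule[host.ring]:
        return False
    host.last_good, host.active = host.active, version
    host.crashes.clear()
    return True

def record_crash(host, when):
    """Log a crash; on a crash loop, roll back and enter safe mode."""
    host.crashes = [t for t in host.crashes if when - t < WINDOW_SECONDS]
    host.crashes.append(when)
    if len(host.crashes) >= CRASH_LIMIT:
        host.active, host.safe_mode = host.last_good, True
    return host.safe_mode

def rollout_allowed(hosts, ring):
    """Later rings proceed only if no test-ring host fell into safe mode."""
    return ring == "test" or not any(h.safe_mode for h in hosts if h.ring == "test")

def demo():
    schedule = {"test": 0, "critical": 3600}   # critical ring goes an hour later
    hosts = [Host("lab-1", "test", None, "v1", "v1"),
             Host("er-ward", "critical", None, "v1", "v1"),
             Host("atm-7", "critical", "v1", "v1", "v1")]   # pinned to v1
    lab = hosts[0]
    offer_update(lab, "v2", 0, schedule)
    for t in (60, 120, 180):                   # constructed crash timestamps
        record_crash(lab, t)
    applied = [h.name for h in hosts if h.ring == "critical"
               and rollout_allowed(hosts, "critical")
               and offer_update(h, "v2", 3600, schedule)]
    return lab.active, lab.safe_mode, applied
```

In `demo()`, the test-ring host crash-loops on v2, falls back to v1 in safe mode, and the critical ring never receives the update.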
Crowdstrike also now has a Digital Operations Center that it says will give the company 'deeper visibility and faster response' to the millions of computers using the technology worldwide.
It also conducts regular reviews of its code, quality processes and operational procedures.
'What defined us wasn't that moment, it was everything that came next,' George Kurtz, the CEO of Crowdstrike, said in a LinkedIn post this week, noting that the company is now 'grounded in resilience, transparency and relentless execution'.
While Crowdstrike has made some changes, Sands believes it might be "an impossible ask" to avoid another outage at that same level because computers and networks "are by their nature highly complex with many dependencies".
"We can certainly improve the resilience of our systems from an architecture and design perspective ... and we can prepare better to detect, respond and recover our systems when outages happen," he said.