On Friday, 19 July 2024, a global IT outage disrupted many users worldwide. CrowdStrike, a leading cybersecurity firm, released a faulty security update that caused Microsoft Windows devices to crash. The CrowdStrike outage impacted Microsoft’s Windows 365 Cloud PCs, apps, and services, affecting an estimated 8.5 million devices worldwide.

The faulty security patch interacted with the internal systems of computers that run CrowdStrike solutions. It caused a malfunction that led to millions of computer systems crashing and displaying Blue Screens of Death. To make matters worse, whenever a computer rebooted, it would encounter the defective patch again and shut down – creating an endless loop of starts and crashes. This translated into airlines, banks, emergency services, businesses and some government agencies being brought to a standstill.

What caused the CrowdStrike outage?

The CrowdStrike outage occurred because of a security update released for Falcon, CrowdStrike's flagship solution. Falcon is endpoint detection and response software. For the software to be effective, it needs deep access to the computer's operating system so it can scan the machine for suspicious activity and automate responses. The software works in the background, constantly scanning for anything suspicious. If something is detected, it locks the device to protect the system.

Part of delivering this solution is staying up to date with security threats. This requires CrowdStrike to release security updates, or patches, from time to time. Because the software runs with such deep access, any flaw in it can cause major issues. And unfortunately, the update released on Friday was faulty and wreaked havoc for millions worldwide, spreading rapidly through Microsoft systems globally and leading to the CrowdStrike outage.

To add insult to injury, there was a separate incident involving Microsoft’s Azure cloud services. Microsoft fixed the issue but warned users of residual impacts from the CrowdStrike outage. 

What we can learn from this

The CrowdStrike outage highlights the vulnerability of global computer networks and the need for strong cyber resilience strategies. As Lina Khan, Chair of the US Federal Trade Commission, noted, these incidents reveal how concentration can create fragile systems. To reduce risks from events like the CrowdStrike outage, organisations should:

  1. Check your terms and conditions. Understand the liabilities and protections cybersecurity vendors offer. CrowdStrike’s terms cap its liabilities to fees paid, emphasising the need for comprehensive cyber insurance.
  2. Double-check your cyber insurance. Ensure your policy covers incidents like the CrowdStrike outage to protect against financial losses.
  3. Develop a cyber resilience policy. Identify and address misconfigurations quickly, automate fixes, and maintain clear communication with all stakeholders. Accurate, real-time reporting is crucial for managing incidents like the CrowdStrike outage effectively.
  4. Strengthen your cybersecurity practices. Be prepared for potential cyber threats by following guidance from the National Institute of Standards and Technology (NIST).

Maintaining customer trust requires businesses to be cyber-resilient. The CrowdStrike outage is a reminder for all organisations to evaluate their preparedness for similar events. Taking proactive steps can enhance their cybersecurity posture and mitigate the impacts of future incidents.