An Inside Job: The CrowdStrike Global IT Takedown

Recently, I wrote a piece on system software patching, in which I noted that “patches” pushed out to customers’ application software are sometimes behind the ball on resolving critical cyber security breaches. They are typically reactive rather than proactive in nature: usually someone reported a bug, and then a patch was created to resolve the vulnerability.

Occasionally, a software company will have continued to find these bugs on their own after the applications have already been contracted out to a customer, and as they should, they “patch” them up with regular “pushes” of updates to customers’ systems. Not all patching is successful. Not all patching is even innocuous. Sometimes, the patch hits the fan.

Take the CrowdStrike internet takedown that is fresh in everyone’s minds and still in some business computers. This debacle of code pushed to millions of business Windows computers worldwide wasn’t a hacker or foreign threat actor trying to take out the world; it was an inside job. There was no little bald man petting a kitty cat twisting his little finger at the corner of his lower lip.

There wasn’t a diabolical plan by a guy dressed all in black also sporting a black eye-patch. And no, Doctor Evil was not lurking in the background of the internet. All these things aside, and really, they are likely out there, the whole mess was caused by the same company trying to push a curative patch to its Falcon program that resides on millions of computers around the world.

CrowdStrike quite literally shot themselves in the foot by pushing a patch that had a “logic error,” which is why millions of displays went into “blue screen of death” mode, locking users out and preventing the machines from rebooting.

But what was the first thing on your mind when you experienced or at least heard about this event on that fateful Friday morning? Most thought of a cyber attack: someone had circumvented systems worldwide and launched an attack to disrupt global IT systems. But what was the reason? What did they get or want? Was it a protest group just trying to send a message? Was the global IT infrastructure being tested by a nefarious actor to see if they could take it down? These are all thoughts that went through my head and many others in the IT world.

The media was quick to report these possibilities in their cycle of news disinformation, but CrowdStrike knew within an hour that this was on them. The record was corrected and they got busy pushing the fix to the world in the same manner as they caused it. Oh, but the headaches from this disaster were just beginning.

Not only did 8.5 million computers go offline, but airlines were brought to a halt. Thousands of flights were canceled or otherwise affected for travelers for more than a week. Healthcare services, grocery stores, banks, broadcasting companies, freight systems and a multitude of other services were affected to the tune of over $5 billion in direct losses. And they still are counting. Not included are the secondary damages, lost time, bad optics and stops in productivity. The cost is immeasurable.

It is reported that only around 10% to 20% of losses are covered by any type of cyber security insurance. I made a case for cyber insurance in my last article, “Breakin’ the Law,” just before this happened. But most companies have not leaned into providing budgets for these insurances and choose to roll the dice.

Well, the dice landed on “craps” this time. There are billions of dollars of unrecoverable revenues and now the lawsuits are cranking. The only ones who are going to make any money here are the attorneys. Most claims with this event will likely be with other types of insurance: loss of business, travel insurance, etc.

CrowdStrike is being sued by its shareholders, who claim that the subsequent drop in share price over the next few days caused a $25 billion disappearance of their market share value. And that’s not all: Delta and other airlines are lawyering up to sue for the nearly 500 million in damages they say they sustained paying out hotel, transportation and labor costs for their customers and employees. Ouch.

Will CrowdStrike make it through? I think so. The share price is about half the value of the day before the event. But most companies won’t kick them to the curb; they’ll get a second chance. Over time, their value will increase, but they have challenges with impending lawsuits and other legal claims. If anything, this was a learning experience for them as well as all similar cyber security companies. It’s not hard to think that they will have the toughest of industry standards going forward.

I expect they will fortify their best business practices with better testing and intense scrutiny before rolling out patches, and I also expect that they will be able to reach the top of the game in cyber security after the fallout has subsided. Likely, they will have a tough sell for a while to new customers, but if they do the right things, this can make them stronger.

Their sales teams better up their game as well. Convincing someone to buy an apple that you know was poisoned once before is a hard sell. I’m not a stock analyst or expert by any means but most of them would probably see the same things I am seeing here and buy low. They will recover in time.

CrowdStrike Falcon is an exceptionally robust and detailed platform and highly respected in the industry. It rates at the top of all EDR offerings and is well liked by users. One glitch, albeit a big one, cannot possibly outweigh all of the robust features, flexibility and other great characteristics that it has to offer.

Keep in mind, businesses are continuing to use it, support from the CrowdStrike team was phenomenal during the global IT outage, and it is difficult to move off such a large platform, even slowly, and put another program in its place. Major companies don’t get too disgruntled over things like this.

I think it is just a matter of time and calm negotiation between amicable partners to resolve issues and move on. Yeah, some money is going to change hands, and this hurts the company and stockholders, but wait it out, it will be fine. Sometimes, staying the course is the best for everyone. All things will be better in the end.

And this is the end. I hope my readers feel better already, I do.


Jon Armour is a contributing author to the line of Design and Construction publications and has 35 years of combined experience across the construction, real estate and IT infrastructure industries. He is a certified Project Management Professional (PMP), certified Construction Manager, Program Manager, and a published author of a popular Western genre novel and writer of “Intertwined-A Holy Spirit Love Story.” He resides in Magnolia, Texas.
