The CrowdStrike Incident: Empower Your Business With This Wake-Up Call

On Friday, July 19, 2024, a routine software update from CrowdStrike, a leading cybersecurity company, caused a major issue affecting an estimated 8.5 million Windows computers. The incident led to significant disruptions across many different sectors of industry, including airports, grocery stores, and media. Here’s what happened, what went wrong with the update, how it impacted businesses across the globe, and what you can do to prevent your business from suffering the same fate.

What is CrowdStrike?

CrowdStrike, founded in 2011, is a leading US-based cybersecurity company. Its job is to protect businesses from cyber threats like ransomware, malware, and other online attacks, and it’s good at it. CrowdStrike has a solid reputation for responding quickly to cyber threats and has been involved in investigating major cyber incidents.

Unfortunately, this incident was caused by an update to its antivirus software, the Falcon Sensor Program, designed to protect Microsoft Windows devices from malicious attacks in real time.

What is Falcon Sensor?

Think of your computer as a house. Regular antivirus software is like a security system that looks for specific types of threats (like burglars) that it has encountered before. If it sees any of these known bad guys, it stops them from getting in.

EDR (Endpoint Detection and Response) software, such as Falcon Sensor, is a modern alternative to the antivirus software that most of us use on our home computers. It acts like a smart security guard for your house. This guard not only looks for the threats that the antivirus knows but also keeps an eye out for any strange or suspicious activity. It can investigate unfamiliar situations and take action to protect your house, even if the threat is something new.

So, while an antivirus is good at stopping known threats, an EDR is much better at handling new and unexpected threats to keep your computer safe. The trade-off is that EDR requires deeper access and constant rapid updates to stay on top of quickly changing threats. Unlike other software updates, these updates cannot be rolled out in stages.

So What Happened?

CrowdStrike is known for producing antivirus software intended to prevent hackers from causing the very type of disruption it caused last week.

However, when CrowdStrike released an update to its Falcon Sensor program, it appeared that the update contained a coding error known as a “logic error,” which caused Windows computers running Falcon Sensor to crash, leading to the infamous “Blue Screen of Death” (BSOD).

The impact was immediate and widespread. Many businesses found their Windows computers unusable. The problem affected millions of devices globally. People reported that their computers went into a reboot loop, making it impossible to use them.

CrowdStrike responded quickly. Within an hour of identifying the issue, they began working on a fix. By 5:27 a.m. UTC, they released an update to correct the faulty configuration files. Unfortunately, the recovery process varied. For many, the issue was resolved relatively quickly by deleting the problematic file remotely. However, for offline systems, where remote access was not an option, the file had to be deleted manually on every affected device, causing massive headaches for IT departments everywhere.

What Was the Impact of the CrowdStrike Incident on Businesses?

The CrowdStrike outage had a massive impact on businesses across many sectors.

  • Airports and Airlines: Systems that manage flight schedules, ticketing, and customer service stopped functioning, causing delays and confusion. Airlines canceled 5,000 flights worldwide Friday, while delays persisted through the weekend and into Monday.
  • Grocery Stores and Retail: Checkouts malfunctioned, making it impossible to process sales, resulting in frustrated customers and lost sales. Some retailers had to close their doors until they could restore their systems.
  • Media and Journalism: Journalists and media companies faced major challenges as their computers crashed, leaving them without the essential tools needed to report on the incident, disrupting news coverage and the ability to provide timely updates to the public.
  • Banks and Financial Services: Banks experienced system outages that affected transactions and customer service.
  • Healthcare: While not as widely reported, hospitals and government services were throttled, and in some areas 911 communications stopped working.

Across the board, businesses that relied on Windows systems experienced productivity losses.

The CrowdStrike outage demonstrates how critical reliable IT tools are for business continuity and highlights how a single software issue can impact our interconnected modern business operations.

How We Can Help Your Business

It’d be easy to put all the blame on CrowdStrike or on the airlines for not building robust backup protocols, or to reconsider our dependency on Microsoft software applications, but it’s not that simple.

IT systems are truly critical infrastructure these days. Although this breakdown was bad, it could easily have been worse.

We often take the proper functioning of our IT environment for granted—until it stops functioning, that is. If there is one thing you should take away from this outage, it should be the importance of having operational redundancy and backups in place.

As Stuart Madnick, an MIT Sloan School of Management professor, puts it: “There are a lot of benefits that these technologies give us that really pay off 99% of the time. The most important thing is to prepare for that 1% of times when things go wrong.”

To survive disruptions, your business needs clear procedures in place to mitigate their impact on productivity. Don’t underestimate the importance of proper backup solutions, disaster recovery plans, and business continuity software.

If you don’t consider worst-case scenarios now, you’ll be forcing yourself to make spur-of-the-moment decisions that you could regret later. Remember, 60% of businesses go out of business after a prolonged outage. Response preparedness is not something you can keep pushing off.

At Meeting Tree Computer, we specialize in preparing your business for IT emergencies. We offer comprehensive disaster recovery and business continuity solutions tailored to your needs. Contact us today to learn how we can protect your business from unexpected disruptions and ensure you’re always ready for anything!
