On 19 July 2024, cybersecurity company CrowdStrike distributed a faulty update to its Falcon Sensor security software for Microsoft Windows. As a result, roughly 8.5 million systems crashed and would not restart in what has been called the largest outage in the history by cybersecurity commentator Troy Hunt. CrowdStrike, once the gold standard in cybersecurity, is now the reluctant winner of the 2024 Pwnie Awards’ ‘Most Epic Fail’ accolade.
The outage disrupted daily life, businesses and governments around the world. Numerous industries and institutions were affected – from stock markets and airlines to hotels and hospitals. Within hours, the error was discovered and a fix was provided. However, because affected computers had to be fixed manually, outages lingered for several days.
At the time of the incident, CrowdStrike had more than 24,000 customers, including 60% of Fortune 500 companies. The bill for the global glitch will run into billions of dollars.
The outage raised questions about centralisation in information technology. The majority of global computers use Microsoft Windows, creating a monoculture that reduces resiliency. As a result, there has been widespread and public anger at the failure of political leaders to regulate for diversity and competition.
Questions raised about cloud and third-party software
IT leadership teams are facing questions about how they were impacted and their true exposure to these types of incidents. The history-making outage highlights the vulnerability of companies that rely on cloud services and third-party software.
Businesses are being encouraged to integrate robust contingency plans to manage disruptions. Advisors and policymakers are telling tech companies to do rigorous testing and ensure quality assurance to avoid similar failures that may damage their reputation.
The incident draws into sharp focus the potential legal liabilities of B2B tech firms and financial losses from service outages. This may lead to increased demand for insurance and clearer terms regarding liability in service agreements.
Putting all your eggs in one basket?
The global CrowdStrike meltdown shows the risk when IT operations depend on a single point of delivery. IT leaders are now focussing on concentration risk and how supply chain exposure can be managed. B2B tech companies will have to consider how this may affect their operations and whether client organisations will trust them to be their single service provider in the future.