Could the Crowdstrike glitch that took down 8,5 million Windows devices last Friday have been avoided?
“Yes!” says Tim Schughart, CEO of ProSec GmbH and IT security expert, in an article in Business Week.
But let's start at the beginning: On Friday, a faulty software update from the company Crowdstrike led to failures of computers and servers that use the Windows operating system.
The consequences are felt worldwide, as the company has almost 30.000 customers worldwide, including global players such as Amazon and Intel.
But smaller customers are also affected, with bank customers no longer being able to withdraw money, hospitals having to postpone operations and flights being cancelled. In Germany, critical infrastructure companies are also affected.
Tim Schughart, our CEO, is certain that this glitch could have been avoided. He also would have liked to see more transparency in dealing with the problem.
What we do know is that there was a quality assurance error. And that shouldn't have happened.
He goes on to say that the key point is the reproducibility of the error, as it affects all customers and not just a small number. Given the extent of the problem, it can be assumed that this update has not been properly tested.
He also criticizes the way the problem is being handled: Since IT security has to be addressed at the most sensitive points, the risk of destroying something is particularly high. That is why caution is always required here. This is the only way to successfully defend against cyber attacks.
Schughart also emphasizes, however, that this incident is no reason to fundamentally doubt the quality of the company.
Crowdstrike will replace the faulty update on Friday. But now, as is often the case, the customer has to take action themselves. Schughart explains that customers often have to manually remove the faulty file from their computer so that the system can then download the new, error-free file.
In this case, too, customers must take action themselves: Microsoft published instructions for customers with Microsoft cloud machines on Friday that allow them to restore the system state before the update.
A Microsoft security update has unexpectedly created a new security vulnerability that puts businesses at risk. This undocumented side effect could block users' Windows updates and cut off systems from future security updates. A potential nightmare for IT security and business management.
Two critical vulnerabilities in Spotfire's AI analytics platform could be exploited by hackers to threaten companies in the industrial, financial, and research sectors. Experts urge CEOs, CIOs, and CISOs to take these risks seriously and act strategically.
A security vulnerability in the WordPress plugin "SureTriggers" puts over 100.000 corporate websites at risk. This article highlights the risks and provides recommendations for effective IT security strategies.
