
Is The CrowdStrike Outage The Biggest In History?

CrowdStrike, a cybersecurity company, has brought about the biggest outage in global history. Jeff Watkins, Chief Product and Technology Officer at CreateFuture, commented, “Today, the skies seem to be empty, and that’s because many airports across the world are on a break, along with government departments, hospitals and more.

“There seem to be two sources for this, a Microsoft Azure outage, and an issue with a popular piece of cybersecurity software by Crowdstrike, which is reportedly taking down Microsoft Windows based systems.

“It’s not yet 100% clear if they’re related, but it does seem likely that a problem with Crowdstrike’s Falcon Sensor software could be affecting Microsoft’s own estate. Thankfully, remedial steps have been published to recover machines and a fix made available for download, but putting millions of Windows machines into recovery mode takes time.

“This could well be one of, if not the, biggest IT outages of all time, and it should make us all pay attention.”

We have asked industry leaders how they believe this will impact small businesses and startups, due to the size and spread of this outage. This is what they’ve shared:

 

Our Experts

 

Martin Greenfield, CEO, Quod Orbis
Jeff Watkins, Chief Product and Technology Officer, CreateFuture
Rebecca Crook, Chief Growth Officer, Creature London + Positive.
Stephen Johnson, CEO and Founder, Roq.
Matt Tuson, General Manager, EMEA at LogicMonitor
Wil Jones, Technical Director, Propel Tech
Conor O’Neill, CEO and Founder, OnSecurity

 

Martin Greenfield, CEO of cybersecurity monitoring firm Quod Orbis, on what needs to be done moving forward and steps for prevention:

 

 

“The global IT outage underscores a critical weakness in many organisations’ cyber-resilience strategies: an overreliance on single-point solutions like antivirus software.

“While such tools are essential, they should not be the sole pillar of a robust cybersecurity posture. This incident serves as a reminder that even industry-leading solutions can falter, potentially leaving entire sectors vulnerable.

“Whilst such threats can have huge impact, steps to prevention are often quite straightforward. Organisations must adopt a more holistic approach to their cyber resilience, implementing a multi-layered defence strategy that encompasses not just software solutions, but also robust policies, regular training, and proactive threat hunting.

“A key component of this approach should be continuous controls monitoring, which allows for real-time visibility into the effectiveness of security measures and rapid response to emerging threats.

“This incident also underscores the importance of basic cyber hygiene, particularly regular system updates. The involvement of Microsoft operating systems in this outage emphasises that even simple steps like keeping software current can significantly reduce vulnerability.

“Yet this fundamental practice is often overlooked, leaving systems unnecessarily exposed. This also applies to security vendors themselves who should be running regular tests on their solutions to ensure they’re up to date with the threat landscape.

“The widespread impact of this outage also highlights the interconnectedness of global IT systems and the potential for cascading failures.

“Companies must conduct thorough risk assessments, not just of their own systems, but of their entire supply chain and third-party dependencies. This incident demonstrates how a single point of failure can have far-reaching consequences across multiple sectors and geographies.”

 

Jeff Watkins, Chief Product and Technology Officer, CreateFuture

 

 

What can we learn:

“This situation brings up a wider discussion, one we should lean into after this has all cleared up, as if there’s one thing that is hitting organisations across the globe really hard right now, it’s software supply chain issues.

“These could be attacks, such as the near miss we had with the xz-utils, or the current Crowdstrike Falcon Sensor problem. The outcomes of a failure in a supply chain can be catastrophic, with loss of service across the globe, financial impacts and even loss of life.

“This all stems from our need to update our software frequently in order to remain secure in a time when cyber attacks are on the increase. Herein lies the rub, because as more software moves towards automatic updates, another avenue of failure and/or attack was opened up, that of a rapidly updating supply chain, and our ability to control that flow safely.

“Endpoint management and protection software, such as Crowdstrike, Kandji or Jamf can help an organisation manage this updating, balancing the currency of updates with safety, allowing testing or gradual rollout.

“But when this critical piece of the puzzle misfires, it seems there’s no fallback, as this software itself automatically updates. Although the failure seems to be in the threat detection parts of Crowdstrike rather than patch management, the point is still the same, who watches the watchmen?

“Resorting to having separate supply chains purely for disaster recovery purposes is probably a bridge too far for even large organisations. If Microsoft are struggling with this, I don’t think there’s much of a chance for the rest of us.

“What is clear is that we need a conversation about how our endpoint protection and management software is maintained and updated, maybe demanding control over when to apply updates.

“Aside from that, it’s a timely reminder that we should all take an interest in update management at all stages in the supply chain, as this time it was a bug, and not an attack. If this was a successful attack scenario, things would be much, much worse. It’s only a matter of time, unless we get serious about this.”

Rebecca Crook, Chief Growth Officer, Creature London + Positive.

 

 

“It appears the core problem has been due to a software update with Crowdstrike causing mayhem globally from payments to airport structures. Clearly there needs to be stronger and more robust testing procedures to mitigate against situations such as these.

“However, they are becoming more commonplace and, as we can see today, causing economic impact, with Crowdstrike losing a fifth of its value in pre-market trading. As companies move more to fully digital ecosystems, resilience and preparedness will be key in ensuring customers and users are not impacted and left stranded at airports or with a basket full of goods with no payment options available.”

 

Stephen Johnson, CEO and Founder, Roq.

 

 

“The global outage, affecting banks, airlines, and television channels, underscores the immediate impact such failures have on brand reputation, customer satisfaction, and revenue. In 2024, organisations must intensify their efforts to protect their customers.

“To counteract these trends, it is imperative that organisations embed quality deeply into their operational psyche and apply it to technology delivery right from the start. By identifying and managing these risks early on, organisations can prevent issues before they impact customers.

“The costs of overlooking quality are too great to ignore. It’s time to change the narrative—from reacting to technological crises to preventing them through steadfast commitment and foresight.

“We urge technology leaders and innovators across industries to prioritise quality within their organisations and technology solutions. Together, let’s provide our stakeholders with solutions that are advanced, robust, and reliable, ensuring a trustworthy digital world for their customers across the globe.”

 

Matt Tuson, General Manager, EMEA at LogicMonitor

 

 

“A global IT outage has far-reaching consequences, highlighting a huge reliance on IT infrastructure. From business operations to personal communications, connected technology is the backbone of modern society.

“Essential services such as banking, healthcare, and transportation face severe disruptions, leading to disarray and economic loss. Businesses struggling with halted operations result in supply chains breaking down, causing a ripple effect across various sectors.

“There is also the societal impact. We rely on interconnected technologies for everyday tasks, including work, communication, education, and accessing information. So many of them link back to a single or a few particular vendors. An outage at their end leads to widespread frustration and can also hinder emergency response efforts, worsening any ongoing crises.

“The damage can be both immediate and long-term. Financial losses would be substantial, with potential billions in lost revenue globally. The trust in digital infrastructure could be shaken, leading to increased scrutiny and demand for more robust, resilient systems.

“This incident highlights the critical need for hybrid observability and a single pane of glass view across entire IT environments to enable the mitigation of risk.

“A global IT outage, much like this one today, serves as a stark reminder of how deeply intertwined our lives are with digital connectivity and the urgent need to reinforce our IT systems against such vulnerabilities.”

 

Wil Jones, Technical Director, Propel Tech

 

 

“The size of this global IT outage is quite something. So far we know it is impacting everything from GP appointment booking systems to Gail’s bakery ordering systems, and of course, grounding flights in New Zealand and America.

“Right now, depending on where you are in the world, an IT glitch means that you can’t buy a croissant, see a doctor or catch a flight.

“This is a stark reminder of the dangers of our increased reliance on cloud-based software.

“Here in the UK, the most worrying issue appears to be the EMIS outage, which has got GPs handwriting prescriptions.

“There are initial reports that the issue is related to cybersecurity software CrowdStrike. CrowdStrike is software used to prevent data breaches, although CrowdStrike has yet to acknowledge this formally.

“At the time of writing, it is 3:30 am in Austin, Texas, where the cybersecurity company is based – so that may have something to do with it.

“When we have so many vital systems using a single cloud-based software, should anything breach that, we see systems around the globe fall like dominoes, which is what we are seeing here.

“When these systems are responsible for the IT support of vital infrastructure such as planes, healthcare, trains, and local governments, it should give central governments globally pause for thought.

“When one vulnerability can have such global ramifications, should a situation like this ever be exploited by a rogue nation-state or terrorist organisation, it could have devastating consequences globally.

“Whether this is an intentional outage or just an unfortunate glitch, it needs to be seen as a canary in the coal mine moment for what could happen.”

 

Conor O’Neill, CEO and Founder of pentesting platform OnSecurity, has said the following:

 

 

“This appears to be an issue with an update overnight to the Windows version of the popular CrowdStrike cyber security endpoint protection software used by a large number of businesses globally.

“At this time there is no evidence that this was an intentional cyber attack or that any customer data is at risk. Current evidence suggests that this is not a permanent “bricking” of systems, that a fix has been identified and affected computers and servers can be restored. However we advise that this fix is likely to be a manual process on a large number of affected systems and therefore it may be some time before normal operations are restored.

“For affected companies and organisations we recommend working directly with CrowdStrike and your IT service providers for remediation advice. For the general public we advise there is likely to be heavy disruption to affected services throughout the day with potential ongoing knock on disruption through the weekend – particularly air travel”.

He has also given his personal opinion on the matter:

“What I think is fascinating is how similar the impact of this is to a malicious ransomware attack, but on a much bigger scale. The lines are blurred and I don’t think we’ve ever seen anything like this before. It’s highlighting the inherent problem that gets created when basically the entire planet’s computer systems are being run by two companies (Microsoft and Amazon). There are basically two major global points of failure and today we’re seeing for the first time what happens when one of those points fails.

“I don’t think anyone can yet predict the ramifications for CrowdStrike in the medium term, but it’s certainly very damaging for them. I feel very sorry for the staff in there, I would hate to be working there today. Longer term Microsoft will probably have questions to answer too in terms of how a problem with a third party piece of software can have such ramifications for what looks like their entire global customer base.”
