Cyber chaos, the experts’ opinion: it will take time to recover

By John

It will take days or even weeks for many companies to fully recover from last Friday’s computer blackout, according to experts whose opinions were collected by the Financial Times. CrowdStrike’s buggy update damaged 8.5 million Windows PCs and servers, which accounts for less than 1 percent of all Microsoft devices, grounded airplanes and caused outages around the world. Analysts say the incident is all the more shocking given CrowdStrike’s strong reputation as many companies’ first line of defense against cyberattacks. Windows users who experience a “blue screen of death” error can now only reboot their computers and manually delete CrowdStrike’s faulty update file, an operation that requires direct access to each device. That means applying the fix could take days or weeks in companies with thousands of Windows computers or a shortage of IT staff to administer the change, experts say. “It looks like millions of computers need to be repaired manually,” said Mikko Hypponen, chief research officer at WithSecure, a cybersecurity firm.

“The most critical machines, like the CEO’s PC, have already been fixed, but for the average person, it’s going to be a while before someone comes to fix their laptop,” he quipped. Compounding the impact of the error is the large size and high-profile nature of many of CrowdStrike’s users. The Austin, Texas-based company said it would have more than 29,000 enterprise customers by the end of 2023 and has said in marketing materials that its software is used by more than half of the Fortune 500. “Even though it’s actually a pretty big company, the idea that it could shut down the world is extraordinary,” said Marshall Lux, a visiting fellow at Georgetown University’s McDonough School of Business. The global ripple effect illustrates “the interconnectivity of all these things” and the “risk of concentration in this market,” Lux added.

Software vendors “have clearly become so large and so interconnected” that their failures could damage the global economic system, wrote Fatima Boolani, an analyst at Citi. In an apology to CrowdStrike customers on Friday, Kurtz stressed that the incident “was not a cyberattack” and insisted that CrowdStrike customers “remain fully protected.” But security researchers have warned that hackers could take advantage of the chaos to impersonate Microsoft or CrowdStrike agents for phishing scams. “We see this happen with every major cyber incident that hits the headlines,” said Vasileios Karagiannopoulos, associate professor of cybercrime and cybersecurity at the University of Portsmouth. Cybersecurity firm Secureworks said its researchers had recorded several new CrowdStrike-themed domain registrations within hours of the incident, likely from criminals aiming to defraud the company’s customers.

Companies like CrowdStrike are under pressure to roll out new security updates as quickly as possible to defend against the latest cyberattacks. “There’s a trade-off between the speed of ensuring systems are protected against new threats and the diligence needed to protect system resilience and prevent incidents like this from happening,” said Adam Leon Smith, a fellow at the British Computer Society, a professional body for the computing industry. The damage caused by this week’s faulty software update “could take days and weeks” to repair, he said.