What We Learned Today from the CrowdStrike Incident and the Windows System Outage


If you work in IT, in any information technology specialty, or even if you are a manager or business owner working on projects or technologies related to Microsoft, then today certainly did not pass you by unnoticed. From the very beginning, it was an extremely difficult day for anyone connected to a network or involved in technology, and also for people working in fields with no connection whatsoever to information technology. It was a tough day for air traffic, oil and gas companies, governments, authorities, and institutions. It affected healthcare systems, hospitals, clinics, patient data, traffic flows, and server operating systems, and you can imagine the rest. To put it plainly, even broadcast media and live-streaming services were affected. So what happened? That is what we will discuss together today.

 

First and foremost, and before anything else, do not forget your brothers and sisters — in everything you do in your day, every detail of your eating, drinking, supplication, and prayer. Be certain that if you ignore today and get used to the situation, treating it like a movie or TV show, then know that your turn will come, and those who are being let down today will eventually let others down in turn — and by then regret will be useless. So do not normalize the situation, and know that the least you owe them as a fellow human being is to boycott, to pray for them, to donate to them, and to help them. We previously made a video about ways to support them, and now we recommend trusted people who are on the ground and very simple ways to support them through live streaming platforms like TikTok — people beyond reproach such as (Hema Barbakh and Abu Al-Ghalaba Al-Ghazawi). These people periodically go live and announce how many thousands they received and distribute it in front of everyone. If you knew their history and story, you would be utterly amazed. May Allah accept from us and from them, make them a support for our brothers and sisters, and may Allah heal our hearts and their hearts with our victory over our enemy and those who support it, very soon. As for the remaining duties, it is to support them on social media — and here comes the role of the group (The Arab Electronic Bees) on Telegram, which publishes posts containing lies and deception from the corrupt entity, and your task is to counter those posts or publish counter-posts. Such missions involve simple actions like liking and sharing, and in doing so, my friend, you will have fulfilled part of your duty toward them. Until Allah grants them victory or uses us to support and aid them, do not tire and do not normalize the situation — our beloved land has not yet been liberated. 
O Allah, grant us and them victory, steady their feet, guide their aim, correct their judgment, make the filthy accursed ones a bounty for them, protect their children, heal their wounded, accept their martyrs, strengthen their hearts, and O Allah forgive our shortcomings toward them. Ameen, Ameen, Ameen.

Back to Our Topic — What Happened?

Banks, airports, healthcare and financial institutions, hotels, retail stores, and others faced technical failures in the early hours of the day, starting from Australia and spreading westward. The world encountered an outage that may be among the most impactful in recent times — something like a nuclear bomb, but a technological one, if you will — dropped on all global systems, with very few unaffected today.

✅ The cause is linked to an update from a company called CrowdStrike, specifically related to its product Falcon Sensor, and the update targeted devices running Microsoft operating systems. This product protects against security threats. The problem is that the update was not properly tested on systems before release — whether due to haste or any other reason — and this led to the problems that occurred today.

1️⃣ The Importance of Going Back to Basics:

The CEO of CrowdStrike, George Kurtz, quickly assured the public that the incident was not a security threat and was not the result of a breach or malicious software. However, the CEO overlooked the fact that cybersecurity encompasses three important aspects: Confidentiality, Integrity, and Availability.

Based on the above definition of cybersecurity, the incident that occurred today can be considered a cybersecurity incident. Treating a system failure as an independent event, separate from the world of cybersecurity, no longer makes sense in today's interconnected digital age. Nevertheless, the concept of a cybersecurity incident still stands.

The CEO's intention to address the public and reassure them remains valid, but this does not negate the fact that today's incident is considered a cybersecurity incident in nature. We must recognize that cybersecurity is not merely a matter of ensuring confidentiality and integrity, but also encompasses availability — that is, the ability to continuously and reliably access and use systems and services.

It is essential that we focus on raising awareness about the importance of comprehensive cybersecurity and adopting effective procedures and policies to protect digital systems and infrastructure. We must take cybersecurity incidents seriously and learn from them in order to strengthen our ability to counter future threats and maintain the stability and security of the digital work environment.

2️⃣ The Necessity of Testing Updates:

It is clearly evident that the update carried out by CrowdStrike was not properly tested before being deployed to devices. After the rushed deployment, integration issues with the Windows operating system emerged, and applications dependent on servers were damaged.

Testing updates is a fundamental part of regulatory and preventive controls to avoid similar scenarios in the future. This relates significantly to change management controls and controls for dealing with third parties.

Change management controls aim to ensure that updates and modifications applied to systems and software are carried out in a thoughtful and organized manner, subject to a rigorous evaluation and testing process to ensure their safety and compatibility with the current environment.

In addition, effective controls must be put in place for dealing with third parties, such as software vendors and other service providers. Companies must carefully evaluate and examine the updates and modifications provided by these external parties, and establish mechanisms to inspect them and verify their quality and freedom from any security vulnerabilities that could threaten the overall system.

In short, testing updates is a fundamental part of cybersecurity procedures, and should be carried out carefully, based on regulatory and preventive controls, including change management controls and controls for dealing with third parties.

3️⃣ Global Tech and Security Companies Are Not Infallible!

Global technology and security companies, despite their superiority and expertise, carry numerous risks and challenges. These companies may suffer from weaknesses in their oversight controls, and the internal reality may not match the beautiful image they project externally. We must remember this fact when dealing with these companies, as any flaw may impact the company's customers, as happened in the incident mentioned.

4️⃣ Cybersecurity on Board of Directors Agendas:

Cybersecurity must be part of board of directors agendas, and these risks must be discussed and monitored on a regular basis. The discussion must begin in board meetings and must not be confined to executive management offices or technical teams alone.

Today's incident serves as a good reminder that cybersecurity must be at the top of the priorities of boards of directors as a whole. The incident was widely discussed in the media, the CEO of CrowdStrike had to intervene, stock prices were affected, and financial losses in the millions — and perhaps billions — occurred. This fundamental risk cannot be ignored on board of directors agendas.