sb.scorecardresearch
Advertisement
OPINION

Published 21:55 IST, July 19th 2024

Cyber meltdown points to downsides of efficiency

A software update wreaked havoc on computer systems globally, grounding flights, forcing some broadcasters off air and hitting services across the globe.

Reuters Breakingviews
Karen Kwok
Follow: Google News Icon
  • share
Microsoft
Microsoft | Image: Pexels Photo
Advertisement

Cyber strike. The CrowdStrike engineer who pushed through a seemingly harmless software update probably couldn’t have imagined the global havoc it would cause. Nor, in all likelihood, could the $83 billion cybersecurity company’s customers. The global meltdown that followed on Friday exposes the extreme fragility of a global IT network that prizes efficiency over stability.

Widespread computer outages, characterised by the dreaded “blue screen of death”, grounded U.S. aircraft, stopped traders from settling positions, and kept broadcasters like Britain’s Sky News off air. It all started with what CrowdStrike CEO George Kurtz called a “defect found in a single content update”, which went to customers using Microsoft’s ubiquitous Windows operating system. The company deployed a fix, Kurtz also said.

One question is how long it will take to get things moving again. In a forum on social media site Reddit, users discussed workarounds including rebooting machines in a protected mode and removing a CrowdStrike file. If that’s the only possibility, it suggests that IT administrators can’t reconnect offline computers remotely. For an organisation with hundreds of thousands of workstations, restarting them manually one by one would be highly disruptive.

Another, longer-term, question is how this could have happened. That comes down to concentrated market shares in the business-to-business software sector. CrowdStrike last year claimed that it was the most widely used seller of endpoint security, which involves protecting devices like workstations and servers. It had 19% of the market in the second quarter of 2023, according to research firm Canalys.

Such high levels of concentration stem from the fact that many businesses like to use one vendor rather than many. Greater scale begets higher margins, giving software leaders an edge on pricing and new product development. CrowdStrike, for example, turned 75% of sales into gross profit in its most recent financial year. Its market value more than doubled in the 12 months to Thursday, before tumbling roughly a tenth on Friday.

A typical enterprise spends 10% of its IT budget on cybersecurity, according to SenseOn data, so perhaps it’s no surprise that executives are keen to work with vendors that benefit from economies of scale. The flip side, however, is that issues at a single firm can affect a meaningful chunk of the global economy. Bank supervisors have cottoned on to the risk, for example, of a cloud provider breaking. That’s only sensible given the dominance of Amazon Web Services and Microsoft Azure. CrowdStrike shows that the same kind of problem can come from a far more obscure source.

Context News

A software update wreaked havoc on computer systems globally on July 19, grounding flights, forcing some broadcasters off air and hitting services from banking to healthcare. An update to a product offered by global cybersecurity firm CrowdStrike affected customers using Microsoft’s Windows operating system. CrowdStrike CEO George Kurtz said the issues were caused by “a defect found in a single content update for Windows hosts.” “This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” Kurtz said in a post on social media platform X. The company’s shares were down 14% to just under $295 as of 1330 GMT on July 19.

Updated 21:55 IST, July 19th 2024