3 Key Takeaways from the CrowdStrike Outage

July 19, 2024, will long be remembered as the most extensive system and infrastructure outage in recent memory.

On Friday, systems worldwide faltered—and outright failed in many instances—due to a faulty update to the Falcon sensor configuration for Windows systems. Consequently, mass-scale outages hit many vital industries, stirring up turmoil for those waiting for flights, appointments, bank transfers, and just going about their daily lives. If you experienced the dreaded BSOD (Blue Screen of Death), you’d be one of many.

We’ll discuss three key takeaways, both positive and negative, from the CrowdStrike outage.

1. Lack of Prior Testing

CrowdStrike didn’t test their update rigorously enough before deploying it live, which led to the outage, meaning that ultimately, the fault happened due to a testing oversight.

There may have been a presumption that the update was ready for deployment before it actually was. As we’ve all come to know, this has had colossal consequences – not just for CrowdStrike themselves but for companies and organisations running on Windows systems across the globe.

2. Quick and Transparent Response

Once the update went live, the effects hit instantaneously. However, CrowdStrike responded to the situation quickly and transparently. They kept their lines of contact open and accessible throughout the crisis, which they’ve received some praise for.

Despite the odds, CrowdStrike has emerged from the situation quite favourably because of its response. It has set a shining example of how to manage a crisis, not just because of its response but also because it effectively navigated the issue despite its sheer scale. They may stand out in this way because this isn’t always the outcome when large-scale problems arise. It’s important to note that they aren’t entirely free from scrutiny – in fact, they’re far from it. But compared to similar incidents, they have fared quite well.

When things go wrong, companies often encounter internal turmoil. When this inevitably meets the public eye, it can negatively affect their reputation and diminish trust among their consumers. So far, this has yet to happen to CrowdStrike.

3. A Worldwide Impact

For many, the sheer scale of the outage is the most astounding part of the whole event. It has become one of the most significant technological failures in recent history, leaving no industry unaffected (aside from those using Mac and Linux systems).

It highlighted how dependent companies and individuals across the world are on Windows-based systems, and how issues can bring vital services crashing down. What happened might make people apprehensive about Microsoft and CrowdStrike and how much of their infrastructure they should base virtually, especially on cloud-based systems.

Don’t Put All Your Eggs in One Basket!

While it was a stressful day for Windows-based databases, systems, and general users, it was business as usual for Mac and Linux. So, the outage begs a few questions all companies should consider:

• Should companies take measures to ensure they can continue operating despite tech issues?
• Has the modern world become too dependent on the systems and frameworks that conglomerates like Microsoft have set up?
• Should companies diversify their range of software and hardware suppliers to give themselves back-up measures if this ever happens again?

This occasion has taught us that mass-scale outages are definitely possible in the modern age, and mishaps can quickly occur. Despite this, there are a few things that set this outage apart from other large-scale events: contrary to many big tech failure stories, no data spilt into the public domain, and no malicious third parties were involved. It all chalked up to one minor oversight, which unfortunately had dire consequences.

Notably, CrowdStrike are certified to ISO/IEC 27001:2022. Despite the oversight, the standard has served them well in risk management, information safeguarding, and adhering to global security standards. IMSM has certified thousands of businesses to this standard.
We pride ourselves on our commitment to compliance and business development. ISO/IEC 27001:2022 equips you with the right tools, measures, and actions to protect you from security risks, data breaches, and of course, outages like this one.