On a recent Friday morning, many people drove to the airport with great anticipation, but they were met with delays, cancellations, and shutdowns. Why? It wasn’t due to a terrorist threat or even a cybersecurity attack. Instead, it was due to a major software glitch within a routine program update. In what’s now known as the CrowdStrike coding catastrophe, major airlines, as well as hospitals, retailers, and 911 operators, had to temporarily pause. And this didn’t just occur in the U.S. but throughout the world. The global tech outage impacts rocked nearly every sector and developed region. Not only is this not the first time for such an event, but it’s certain not to be the last.
CrowdStrike, an important software provider for cybersecurity protections, had no idea such an event was about to happen. Likewise, the government agencies, multinational corporations, and organizations that used CrowdStrike also didn’t see it coming. But suddenly, computers across the globe shut down and went into perpetual reboot mode. In essence, any company that received the update and used Microsoft platforms suffered from the CrowdStrike coding catastrophe. And though the global tech outage impacts only lasted several hours, their effects will be felt for weeks for some companies. This raises questions about accountability and responsibility given the vulnerabilities that the worldwide tech infrastructure demonstrates. And it also raises concerns about similar risks with malicious players involved in cybersecurity hacks.
“[The CrowdStrike coding catastrophe] is a very, very uncomfortable illustration of the fragility of the world’s core internet infrastructure.” – Ciaran Martin, Professor at the Blavatnik School of Government, Oxford University
The Sequence of Events
Coding software updates are nothing new or uncommon for that matter. Whether it’s our iPhones or operating systems, system updates have become routine. That’s not just true for us as consumers but for massive corporations and governments as well. Thus, when CrowdStrike issued a new software update late Thursday evening, no one expected any global tech outage impacts. After all, the update was to introduce a new but minor addition called Falcon Sensor. Falcon Sensor was added to help scan for possible intrusions or evidence of hack attempts. But due to a glitch in Falcon Sensor’s coding, systems began shutting down all over. In essence, the CrowdStrike coding catastrophe affected any client operating on Microsoft cloud or operating systems.
The first companies to be impacted were those dependent on Microsoft’s Azure cloud services. The airline sector was the first to experience the global tech outage impacts, with several airlines shutting down for hours. That included Delta, United, Allegiant, Spirit, and American. In addition, health systems and hospitals were unable to safely function, requiring them to cancel non-emergent surgeries. And for a while, 911 operations were handicapped as well. Numerous other organizations were affected as computers went into a “doom loop.” That meant they would go to a blue screen and try to restart over and over again. CrowdStrike was able to devise a patch for the coding errors. However, the patch was only rapidly effective for organizations operating on the cloud. Others involved in the CrowdStrike coding catastrophe will have to wait on a physical fix that could take a few weeks to fully resolve. Not only did the event take everyone by surprise, but it also resulted in global tech outage impacts everywhere.
“One of the tricky parts of security software is it needs to have absolute privileges over your entire computer in order to do its job. So if there’s something wrong with it, the consequences are vastly greater than if your spreadsheet doesn’t work.” – Thomas Parenty, Cybersecurity Consultant and former U.S. National Security Agency analyst
Accountability and Protections
While the global tech outage impacts only lasted hours in terms of shutdowns, the economic and inconvenience factors were substantial. Interestingly, this is not the first time such an incident has occurred with CrowdStrike. Though not as well-publicized as the current CrowdStrike coding catastrophe, the company had a similar incident involving Linux systems. The coding mishap on the software update only affected smaller organizations using Linux. But it took five days before the issue was well resolved. If this had happened on a much larger scale, accountability issues would have already been raised. But it took the more impactful event recently for questions about CrowdStrike’s testing processes to be raised.
At the current time, there are no repercussions for CrowdStrike other than a public relations hit. But when such large global tech outage impacts occur, some type of penalty should be in place. In a competitive field, companies and governments would simply choose to work with another cybersecurity vendor. But the market for larger cybersecurity players like CrowdStrike is small. This makes major corporations from around the world using CrowdStrike rather vulnerable. The same could be said for those using Microsoft platforms or cloud services. Because of the broad reach of these major tech platforms, events like the CrowdStrike coding catastrophe become more likely. And the same could be said for cybersecurity hacks that get into such platforms as well. Understandably, this has many cybersecurity experts concerned long term.
Diversifying Risk and Demanding Solutions
Notably, major corporations want to use the best when it comes to cybersecurity protections and technology solutions. But having all one’s eggs in a single basket can be risky, which means exploring numerous vendors may have value. Some level of diversification may be preferred as a result. Exploring a variety of quality cybersecurity providers would be encouraged rather than simply evaluating those at the top. At the same time, companies must demand greater accountability from technology solution providers. When errors such as the CrowdStrike coding catastrophe occur, reparations should be considered. In this way, greater incentives to avoid these global tech outage impacts exist among all stakeholders. To date, this is not what the current technology support landscape looks like.