Introduction
On Friday 19 July 2024, an IT outage, caused by technology giant CrowdStrike, was felt around the globe. The outage impacted ATM machines, financial institutions and caused chaos at airports, with flights being grounded, and healthcare systems with some hospitals having to cancel procedures at short notice. Supermarkets closed and even simple tapping to pay for goods and services, was impacted, which can have devastating flow-on effects.
From a company law perspective, this article explores what is CrowdStrike, the impacts of the CrowdStrike outage on corporations, and what to expect next.
What is CrowdStrike?
CrowdStrike Holdings Inc is one of the world’s largest cybersecurity companies, based in Austin, Texas. The company provides endpoint security, threat intelligence and cyberattack response services.
CrowdStrike’s software is very popular amongst businesses across the globe. Indeed, it is estimated that over half of Fortune 500 companies use security products provided by CrowdStrike.
CrowdStrike Falcon is the company’s endpoint detection and response (EDR) platform. The platform monitors end-user hardware devices across a network for suspicious activities and behaviour, reacting automatically to block perceived threats and saving forensics data for further investigation.
What caused the CrowdStrike outage?
A defective content update to CrowdStrike’s Falcon EDR platform was pushed to Windows machines early on 19 July 2024. CrowdStrike typically pushes updates to configuration files – called “Channel Files” – for Falcon endpoint sensors, several times a day. However, the defect in this particular update sent Windows servers and PCs across the globe into an endless reboot cycle – more commonly known as “the blue screen of death”.
According to CrowdStrike, the defective update triggered a “logic error” which resulted in an operating system crash. As a result, PCs automatically rebooted; however, this caused the Windows system with the defective CrowdStrike file to crash again, causing an endless reboot cycle.
CrowdStrike’s Falcon product integrates closely with the systems which it monitors. This means that the Falcon platform has deep administrative access to core operating systems. However, in this case it was this very tight integration which proved to be the downfall for CrowdStrike, rendering Windows machines completely inoperable due to the flawed Falcon update.
The flawed update only impacted computers running the Windows operating system. Hence, MacOS and Linux machines were unaffected, even those which were using CrowdStrike. CrowdStrike stressed the point that this was “not a cyberattack”.
The impact on corporations
Because CrowdStrike’s software is so widely used, the outage has been branded as the largest IT outage in history. Indeed, as of 24 July 2024, IT organisations around the globe are still attempting to fully remediate the issue with technical staff working overtime in order to get airlines, hospitals, banks and thousands of small businesses up and running.
For many companies, recovering from the outage is not a simple task. This is particularly the case, where a deletion of the defective file and a manual reboot of several machines is required – a process which is time-consuming when required at scale. Other companies, where hardware refresh plans are in place, are considering accelerating those plans as remedy in order to replace those machines impacted by the defective file, as opposed to committing the resources necessary to conduct manual fixes to their full fleet of computers.
The massive and widespread chaos unleashed by a simple update gone wrong may see companies change how they engage with the software which they licence, prompting the need for more thorough and widespread testing.
Indeed, the scale of the outage highlights the risks associated with over-reliance on a particular provider or on a single system, in this case the Windows operating system. Implementing redundant systems and failover protocols is essential for an organisation in order to maintain critical operations. Whilst monitoring systems such as CrowdStrike’s Falcon are essential, they should not be the sole pillar of a robust cybersecurity position.
The CrowdStrike outage serves as a sobering reminder that the size or reputation of an organisation does not guarantee immunity to significant technical issues. Robust quality control and risk management also play an integral role in both identifying and dealing with issues before they impact clients. Even more detrimental is the brand damage which CrowdStrike has suffered as a result with the company now being a household name for all the wrong reasons. Not surprisingly, CrowdStrike’s share price dropped significantly following the outage, although industry analysts expect it to recover.
The impact in Australia
As a result of the time difference, between the US and Australia (14+ hours), Australian businesses were amongst the first to report encountering difficulties early on Friday morning, with those issues persisting throughout the day. Qantas reported issues with its website, booking systems, check-in and flight management throughout the day on Friday.
Of interest, it has been reported that fewer businesses in the Asia-Pacific region use CrowdStrike, meaning that the consequences from the outage were far less than felt in other parts of the globe, particularly in the US and Europe where CrowdStrike maintains its primary customer base.
However, despite Australia being “first off the mark” in many respects, the damage bill from the CrowdStrike outage is estimated to surpass $1 billion, and the impact from the outage is likely to be felt for weeks to come.
What next?
On 22 July 2024, the New York Times reported that US Congress had called on the CEO of CrowdStrike, George Kurtz, to testify at a congress hearing concerning the outage.
There have also been reports of an imminent class action, in an attempt to recover compensation from CrowdStrike as a result of business losses from the outage. However, whether a class action is a realistic venture, or whether the brunt of the business losses will fall to Australian insurers, remains to be seen.
Source:
Australian Broadcasting Corporation (ABC), CrowdStrike outage tipped to leave Australian businesses with damage bill surpassing $1 billion, 22 July 2024, accessed 24 July 2024.
ABC, Why Asia dodged the worst of the CrowdStrike meltdown, 23 July 2024, accessed 24 July 2024.
ABC, It could take up to two weeks to resolve “teething issues” following CrowdStrike outage, Clare O’ Neil says, 21 July 2024, accessed 24 July 2024.
Australian Financial Review, What is CrowdStrike? The IT giant behind the global meltdown, 19 July 2024, accessed 24 July 2024.
AFR, CrowdStrike failure raises billion-dollar compensation question, 22 July 2024, accessed 24 July 2024.
New York Times (NY Times), Congress calls for tech outage hearing to grill CrowdStrike CEO, 22 July 2024, accessed 24 July 2024.
