A PYMNTS Company

Did Concentration Exacerbate the CrowdStrike Outage?

 |  August 9, 2024

By: Roslyn Layton (Pro Market)

The July 19 CrowdStrike outage, triggered by a failed software update, caused 8.5 million Microsoft Windows installations to crash, leading millions of users to encounter the infamous Blue Screen of Death (BSOD). The fallout was significant, with planes grounded and hospitals unable to access electronic medical records. A leading cyber insurer estimates that the outage resulted in $5.4 billion in financial losses for Fortune 500 companies, particularly in the airline, healthcare, and banking sectors.

Regulation alone cannot replace the need for continuous improvement in design and engineering.

Some argue that CrowdStrike’s sheer scale contributed to the problem. In response to the outage, Federal Trade Commission Chair Lina Khan tweeted, “These incidents reveal how concentration can create fragile systems.” Fragility is indeed a compelling explanation for the incident; when a few software systems dominate the market, the impact is much greater when things go wrong. However, this concentration also has a protective side: it helps defend against cyberattacks daily.

To understand why, consider that security products like those offered by CrowdStrike are designed to prevent, deter, and defend against state-sponsored cybercriminals, whose attacks are becoming increasingly frequent, sophisticated, and severe. CrowdStrike has earned recognition for exposing North Korea’s hack of Sony Pictures, the Russian infiltration of the Democratic National Convention, and the details of Chinese espionage, which U.S. authorities used to prosecute cybercriminals. The Federal Bureau of Investigation estimates annual intellectual property theft at $225 billion to $600 billion, much of it enabled by cyber intrusions from Chinese state-sponsored hackers. The government relies on firms like CrowdStrike for critical information that it might otherwise struggle to obtain…

CONTINUE READING…