Digital Security
When a software update process fails, the outcome can be disastrous, as seen today in the widespread blue screens of death attributed to a faulty CrowdStrike update
19 Jul 2024

Cybersecurity often comes down to speed: an adversary devises a new attack technique or piece of malicious code, security vendors respond to the new threat and, where needed, adjust or adopt techniques to identify it. Putting those techniques in place may require updating cloud-based detection systems and/or the software on endpoint devices so that they provide protection against the threat. Speed is vital because the cybersecurity sector is tasked with protecting against, detecting and responding to threats as they emerge.
The safeguards that cybersecurity companies put in place to prevent an update from clashing with the operating system or with other products are usually substantial: automated test environments that emulate real-world conditions across diverse operating systems, different versions of system drivers, and the like.
In some cases this oversight includes a human sign-off, a final check that every process and protocol has been followed and that no conflicts were found. There may also be external parties in this equation, such as the operating system vendor, testing independently of the cybersecurity provider in an effort to avoid exactly the kind of major downtime we are witnessing today.
In an ideal scenario, a cybersecurity team would first deploy the update in its own environment and test it there to ensure there are no compatibility issues. Once satisfied that the update poses no problems, it would begin a gradual rollout, possibly one department at a time, minimizing the potential disruption to business operations.
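The staged rollout described in that paragraph, test first and then promote the update ring by ring, is shown below as an added example; it is not code from the original post or from any vendor mentioned in it. The fleet, the ring sizes and the crash telemetry are constructed sample data, and the 2% failure threshold and the "ok"/"crash" signal names are assumptions made for the illustration. The point it demonstrates is the blast radius: an update that crashes every host it reaches is stopped after the canary ring, whereas pushing the same update to the whole fleet at once would hit every host.

```python
"""Staged (ring-based) rollout with a health gate between rings.

Added example, not code from the original post or from any vendor it names.
Hosts, ring sizes and telemetry are constructed sample data; the threshold
and the "ok"/"crash" signal names are assumptions for the illustration.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Ring:
    name: str
    hosts: list


@dataclass
class RolloutResult:
    promoted: list = field(default_factory=list)   # rings that received the update
    halted_at: Optional[str] = None                # ring whose gate failed, if any
    failure_rate: float = 0.0                      # crash rate observed at the halting ring
    affected_hosts: int = 0                        # hosts that received the update at all


def ring_failure_rate(telemetry: dict, hosts: list) -> float:
    """Fraction of hosts in a ring that did not report "ok" after the update.

    A host with no telemetry is counted as a failure: a machine stuck in a
    boot loop cannot phone home, so silence must not be read as success."""
    if not hosts:
        return 0.0
    failed = sum(1 for h in hosts if telemetry.get(h, "silent") != "ok")
    return failed / len(hosts)


def staged_rollout(rings: list, telemetry: dict, max_failure_rate: float = 0.02) -> RolloutResult:
    """Push the update ring by ring, checking the health gate before promoting further.

    The rollout halts the moment a ring's failure rate exceeds the threshold, so
    the blast radius is bounded by the rings already reached, not the whole fleet."""
    result = RolloutResult()
    for ring in rings:
        result.affected_hosts += len(ring.hosts)
        rate = ring_failure_rate(telemetry, ring.hosts)
        if rate > max_failure_rate:
            result.halted_at = ring.name
            result.failure_rate = rate
            return result
        result.promoted.append(ring.name)
    return result


def build_fleet() -> list:
    """Constructed sample fleet: a small canary ring first, then larger rings."""
    canary = Ring("canary", [f"canary-{i}" for i in range(5)])
    it_dept = Ring("it-department", [f"it-{i}" for i in range(50)])
    everyone = Ring("all-endpoints", [f"ws-{i}" for i in range(945)])
    return [canary, it_dept, everyone]


def scenario_good_update() -> RolloutResult:
    """Constructed telemetry: every host reports ok, so the update reaches every ring."""
    rings = build_fleet()
    telemetry = {h: "ok" for r in rings for h in r.hosts}
    return staged_rollout(rings, telemetry)


def scenario_bad_update() -> RolloutResult:
    """Constructed telemetry: the update crashes every host it reaches, as a
    boot-loop bug would, but the gate stops it after the canary ring."""
    rings = build_fleet()
    telemetry = {h: "crash" for r in rings for h in r.hosts}
    return staged_rollout(rings, telemetry)


def hosts_hit_without_staging(rings: list, telemetry: dict) -> int:
    """For comparison: deploying to the whole fleet at once hits every failing host."""
    return sum(1 for r in rings for h in r.hosts if telemetry.get(h, "silent") != "ok")


if __name__ == "__main__":
    good = scenario_good_update()
    bad = scenario_bad_update()
    print("good update promoted to:", good.promoted)
    print("bad update halted at:", bad.halted_at, "after reaching", bad.affected_hosts, "hosts")
    rings = build_fleet()
    all_crash = {h: "crash" for r in rings for h in r.hosts}
    print("same bad update with no staging would hit:", hosts_hit_without_staging(rings, all_crash), "hosts")
```

The design choice worth noting is that missing telemetry counts against the gate rather than for it: a host that has blue-screened cannot report, so a gate that only counted explicit crash reports would happily promote a boot-looping update.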
However, this cannot be the model for cybersecurity product updates: they must be deployed at the same pace as the threat spreads, which is typically almost instantaneous. A failure in that update process can have catastrophic repercussions, as is being witnessed today with a CrowdStrike software update that is causing blue screens of death and complete infrastructure outages.
This does not indicate incompetence on the vendor's part; it is more likely an unfortunate coincidence, a perfect storm of updates or configurations that led to the incident. Unless, of course, the update was tampered with by a malicious actor, which does not appear to be the case here.
What lessons can be drawn from this occurrence?
Primarily, all cybersecurity vendors are likely reassessing their update procedures to ensure there are no gaps and to explore ways of strengthening them. From my perspective, the crucial takeaway is that when a company attains a significant market presence, its dominance can trigger a semi-monoculture event, where a single issue can impact many.
Any cybersecurity expert will use phrases like ‘defense in depth’ or ‘layers of defense’. These refer to the use of multiple technologies, and often multiple suppliers, to counter potential attacks; they also refer to resilience in the architecture and to not depending solely on a single provider.
We must not lose sight of who bears the blame when incidents such as this occur: if cybercriminals and nation-state aggressors did not create cyber threats, there would be no need for real-time protection.

