Exploring the intricacies of cybersecurity updating procedures

Digital Protection

A failure in the software updating process can have dire consequences, as evidenced today by widespread blue screens of death attributed to a faulty update by CrowdStrike.

The complexities of cybersecurity update processes

Cybersecurity often involves rapid response: when a threat actor devises a malicious attack technique or code, cybersecurity firms react to the new threat and, if needed, modify or adopt methods to identify it. This may require updating cloud detection systems and/or upgrading endpoint devices to provide the necessary protection against the threat. Speed is crucial, as the cybersecurity sector aims to defend against, identify, and counter threats promptly.

The procedures that cybersecurity companies establish to prevent conflicts between an update and the operating system or other products are usually extensive. Automated test environments mimic real-world scenarios with various operating systems and system driver variations.

At times, human oversight may be involved, providing final approval that all protocols and processes have been adhered to without any conflicts. External parties, such as an operating system provider, may also test independently of the cybersecurity provider to prevent major disruptions like the one unfolding today.

In an ideal scenario, a cybersecurity team would test the update in their own environment, ensuring compatibility. Once confident that the update poses no issues, a phased rollout of the update would commence, possibly department by department, minimizing the risk of significant disruptions to business operations.
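The two gates described above, a lab compatibility matrix followed by a ring-by-ring rollout that stops as soon as a ring shows boot failures, can be expressed as a small rollout controller. The following is an added illustration written for this page; it is not CrowdStrike's, Microsoft's or any vendor's code. The fleet, the OS build and driver strings, the ring sizes, the 5 % failure threshold and the boot telemetry are all constructed, and `constructed_boot_ok` stands in for whatever real post-update health signal a fleet reports back.

```python
"""Ring-based rollout of a security content update with two gates:
Gate 0: every (OS build, driver) pair present in the fleet must have passed
        the automated lab matrix, otherwise the rollout is blocked.
Gate 1: hosts are updated ring by ring (canary first); if a ring's boot
        failure rate exceeds a threshold, the rollout halts before the next ring.
Added example for illustration only; all data below is constructed."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, Iterable


@dataclass(frozen=True)
class Host:
    name: str
    os_build: str
    driver_version: str


@dataclass
class RolloutResult:
    status: str                      # "blocked", "halted" or "completed"
    halted_ring: str | None = None   # ring at which the health gate tripped
    updated: list[str] = field(default_factory=list)          # hosts that received the update
    failure_rates: dict[str, float] = field(default_factory=dict)
    untested: set[tuple[str, str]] = field(default_factory=set)


def untested_combinations(fleet: Iterable[Host], lab_passed: Iterable[tuple[str, str]]) -> set[tuple[str, str]]:
    """Gate 0: (OS build, driver) pairs in the fleet that the lab matrix never covered."""
    return {(h.os_build, h.driver_version) for h in fleet} - set(lab_passed)


def plan_rings(fleet: list[Host], ring_fractions: dict[str, float]) -> list[tuple[str, list[Host]]]:
    """Split the fleet into ordered rings; each ring gets at least one host and
    the last ring takes whatever remains, so fractions need not sum to exactly 1."""
    rings, start, n = [], 0, len(fleet)
    names = list(ring_fractions)
    for i, name in enumerate(names):
        if i == len(names) - 1:
            end = n
        else:
            end = min(n, start + max(1, round(n * ring_fractions[name])))
        rings.append((name, fleet[start:end]))
        start = end
    return rings


def run_rollout(fleet: list[Host], lab_passed: Iterable[tuple[str, str]],
                ring_fractions: dict[str, float], boot_ok: Callable[[Host], bool],
                max_failure_rate: float = 0.05, allow_untested: bool = False) -> RolloutResult:
    """Push the update ring by ring, stopping at the first ring whose boot
    failure rate exceeds max_failure_rate. Hosts in later rings stay untouched."""
    result = RolloutResult(status="completed")
    result.untested = untested_combinations(fleet, lab_passed)
    if result.untested and not allow_untested:
        result.status = "blocked"        # Gate 0 tripped: lab matrix incomplete
        return result
    for ring_name, hosts in plan_rings(fleet, ring_fractions):
        failures = 0
        for h in hosts:
            result.updated.append(h.name)
            if not boot_ok(h):           # health signal reported after the update
                failures += 1
        rate = failures / len(hosts) if hosts else 0.0
        result.failure_rates[ring_name] = rate
        if rate > max_failure_rate:
            result.status = "halted"     # Gate 1 tripped: blast radius capped here
            result.halted_ring = ring_name
            return result
    return result


# --- constructed sample fleet and telemetry (not real hosts or versions) ---
FLEET = [Host(f"ws-{i:02d}", "10.0.19045", "7.11" if i % 7 == 3 else "7.10") for i in range(20)]
LAB_PASSED = {("10.0.19045", "7.10")}              # driver 7.11 was never exercised in the lab
RINGS = {"canary": 0.05, "early": 0.25, "broad": 0.70}


def constructed_boot_ok(host: Host) -> bool:
    """Stand-in for real post-update telemetry: in this scenario the update
    only misbehaves on the driver build the lab matrix did not cover."""
    return host.driver_version != "7.11"


if __name__ == "__main__":
    blocked = run_rollout(FLEET, LAB_PASSED, RINGS, constructed_boot_ok)
    print("with lab gate:", blocked.status, sorted(blocked.untested))
    forced = run_rollout(FLEET, LAB_PASSED, RINGS, constructed_boot_ok, allow_untested=True)
    print("lab gate bypassed:", forced.status, "at ring", forced.halted_ring,
          "after", len(forced.updated), "of", len(FLEET), "hosts;", forced.failure_rates)
```

With the lab gate enforced the rollout never starts, because one driver build in the fleet was never tested. Bypassing that gate (the speed pressure the text goes on to describe) still limits the damage: the canary ring is clean, the second ring shows a 20 % boot failure rate, and the controller halts with 6 of 20 hosts updated instead of the whole fleet.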

However, this process is not viable for cybersecurity product updates, as they must be deployed as quickly as threats spread, typically almost instantaneously. If the updating process fails, the consequences can be catastrophic, as we are witnessing today with a software update from CrowdStrike, resulting in blue screens of death and complete infrastructure failures.

This does not imply incompetence on the part of the vendor; it is more likely a case of unfortunate circumstances, a combination of updates or configurations leading to the incident. Unless, of course, the update has been tampered with by a malicious actor, which does not appear to be the case in this situation.

Key takeaways from this occurrence

First, all cybersecurity vendors are likely reassessing their updating procedures to close any gaps and reinforce them. The fundamental lesson here is that when a company achieves a significant market share, its dominance can result in a semi-monoculture event, where a single issue can impact many.

Cybersecurity professionals often stress concepts like ‘defense in depth’ or ‘layers of defense’ – referring to the usage of multiple technologies and multiple vendors in most cases to combat potential attacks. It also emphasizes resilience in architecture and not relying solely on a single vendor.

We must not overlook who is accountable when such incidents occur; if cybercriminals and state-sponsored attackers did not create cybersecurity threats, then real-time protection measures would not be necessary.
