The intricacies of cybersecurity update procedures

Digital Protection
When a software update process fails, it can result in disastrous outcomes, as evidenced today with widespread blue screens of death attributed to a faulty update by CrowdStrike

The complexities of cybersecurity update processes

Cybersecurity often revolves around speed: a threat actor devises a new attack technique or piece of malicious code, cybersecurity firms respond to the new threat and, if required, adapt their detection methods to catch it. That adaptation may mean updating cloud detection systems and/or pushing updates to endpoint devices so they carry the necessary protection. Promptness is crucial, because the cybersecurity field aims to safeguard against, detect, and counter threats in real time.

The mechanisms that cybersecurity firms implement to prevent clashes between an update and the operating system or other products are typically substantial, with automated testing environments emulating real-world scenarios of diverse operating systems, various versions of system drivers, and so forth.

In certain cases, human oversight may be involved, giving final approval that all processes and protocols have been adhered to and there are no conflicts. In addition, third parties, such as an operating system provider, could be part of this equation, independently testing from the cybersecurity vendor to prevent any major disruptions, as we are witnessing presently.

In an ideal scenario, a cybersecurity team would take the update and assess it in their own setting, ensuring compatibility. Upon confirming the update causes no issues, a phased rollout of the update would commence, potentially department by department. This approach mitigates the risk of any significant disruptions to business operations.
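The "test it yourself, then roll out department by department" approach described above is a ring-based rollout with a health gate. The following is an added example written for this article, not code from CrowdStrike or any vendor mentioned on the page; the ring names, hostnames and crash reports are constructed sample data, and the probe functions stand in for whatever telemetry a real deployment tool would collect. The update advances to the next ring only if the previous ring's post-update crash rate stayed under a threshold, which is exactly the brake that an instantaneous push has no room for.

```python
"""Ring-based (phased) rollout with a crash-rate gate.

Added example, not the article's or any vendor's code. Hosts, rings and
crash reports are constructed sample data.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Ring:
    """One deployment ring: a named group of hosts updated together."""
    name: str
    hosts: List[str]


@dataclass
class RolloutResult:
    rings_completed: List[str] = field(default_factory=list)
    halted_at: Optional[str] = None   # ring at which the gate tripped, if any
    crash_rate: float = 0.0           # crash rate observed in the halting ring


def crash_rate(reports: Dict[str, bool]) -> float:
    """Fraction of hosts whose post-update health report is True (= crashed)."""
    if not reports:
        return 0.0
    return sum(1 for crashed in reports.values() if crashed) / len(reports)


def phased_rollout(
    rings: List[Ring],
    health_probe: Callable[[str], bool],
    max_crash_rate: float = 0.05,
) -> RolloutResult:
    """Push the update ring by ring; stop at the first ring whose
    post-update crash rate exceeds max_crash_rate, leaving later rings untouched."""
    result = RolloutResult()
    for ring in rings:
        # health_probe(host) returns True if the host failed to boot after the update
        reports = {host: health_probe(host) for host in ring.hosts}
        rate = crash_rate(reports)
        if rate > max_crash_rate:
            result.halted_at = ring.name
            result.crash_rate = rate
            return result
        result.rings_completed.append(ring.name)
    return result


# Constructed sample: a lab ring of 2 hosts, one pilot department of 10, then all workstations.
SAMPLE_RINGS = [
    Ring("lab", ["lab-01", "lab-02"]),
    Ring("pilot-it", [f"it-{i:02d}" for i in range(10)]),
    Ring("all-departments", [f"ws-{i:03d}" for i in range(200)]),
]


def healthy_probe(host: str) -> bool:
    """Constructed: no host crashes after the update."""
    return False


def bad_update_probe(host: str) -> bool:
    """Constructed: the update crashes every host that receives it."""
    return True


def flaky_update_probe(host: str) -> bool:
    """Constructed: the lab is fine, but one pilot host (it-03) hits a bad
    driver combination, giving a 10% crash rate in that ring."""
    return host == "it-03"


if __name__ == "__main__":
    print(phased_rollout(SAMPLE_RINGS, healthy_probe))
    print(phased_rollout(SAMPLE_RINGS, bad_update_probe))
    print(phased_rollout(SAMPLE_RINGS, flaky_update_probe))
```

With the fully broken update the gate trips in the lab ring and nothing reaches the pilot department; with the driver-specific failure the lab passes, the pilot ring trips the 5% threshold at 10%, and the 200 production workstations are never touched.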

However, this is not the protocol for cybersecurity product updates; they must be deployed at the same pace as the distribution of a threat, typically almost instantaneously. If the update process fails, it can have catastrophic consequences, as is currently unfolding with a software update from CrowdStrike, resulting in blue screens of death and entire infrastructures going down.

This doesn’t indicate incompetence on the part of the vendor; it likely stems from a stroke of bad luck, a convergence of updates or configurations leading to the incident. Unless, of course, the update has been tampered with by a malicious actor, which doesn’t seem to be the case in this particular situation.

What lessons should we draw from this event?

Primarily, all cybersecurity vendors are probably reassessing their update procedures to ensure there are no loopholes and to explore ways to fortify them. To me, the key takeaway is that when a company attains a substantial market position, its dominance can trigger a quasi-monoculture event, where a single issue can have widespread repercussions.

Any cybersecurity expert will emphasize concepts like ‘defense in depth’ or ‘layers of defense’—this entails using multiple technologies and often multiple vendors to thwart potential attacks; it’s also about building resilience in the architecture and not depending solely on a single vendor.

We mustn’t lose sight of who bears responsibility when incidents like this occur; if cybercriminals and nation-state attackers didn’t create cyber threats, real-time protection wouldn’t be necessary.
