Cyber Security
A failed software update can have severe consequences, as seen today in the widespread blue screens of death attributed to a faulty CrowdStrike update
19 Jul 2024 • 2 min. read

Cybersecurity is largely about agility: a threat actor devises a new attack technique or piece of malicious code, security vendors respond, and where necessary they modify and ship the methods used to identify it. That adaptation may mean updating cloud-based detection systems, pushing new protection to endpoint devices, or both. Agility is essential because the industry exists to prevent, detect and respond to threats as they emerge.
The procedures security vendors put in place to prevent conflicts between an update and the operating system or other installed products are usually substantial: automated test environments that replicate real-world conditions across a range of operating systems, system driver versions and similar variables.
In some cases a human sign-off is added as a final check that every process and procedure has been followed and that no conflicts were found. Third parties, such as the operating system vendor, may also test independently of the security vendor, with the aim of preventing exactly the kind of large-scale downtime being seen today.
Ideally, an organisation's own security team would receive the update and test it in an internal environment to confirm there are no incompatibilities. Once the update is known to be safe, a phased rollout would begin, perhaps one department at a time, which reduces the chance of any major disruption to business operations.
That approach is too slow for security product updates: they need to reach endpoints at the same pace as the threat spreads, which is typically almost instantly. A failed update process can then be catastrophic, as a CrowdStrike software update is demonstrating today, with blue screens of death and the complete failure of affected infrastructure.
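The tension between a phased rollout and the need for speed can be reduced by making the gating automatic: deploy to a small, closely monitored ring first, measure whether those hosts come back healthy, and only then proceed. The following is an added example written for this page, not code from the original article or from any vendor; the fleet, the ring names and sizes, the 5% failure threshold and the "host crashes on version X" fault model are all constructed for illustration.

```python
"""Ring-based (phased) rollout with automatic health gating.

Added example for this page; not the article's or any vendor's code.
Hosts, rings, thresholds and the crash simulation are constructed.
"""
from dataclasses import dataclass, field

# Ring order: smallest, most-monitored group first. Constructed for this example.
RINGS = ["canary", "finance", "engineering", "everyone-else"]
RING_SIZES = {"canary": 10, "finance": 50, "engineering": 200, "everyone-else": 1000}


@dataclass
class Host:
    name: str
    ring: str
    version: str = "1.0"
    # Hypothetical fault model: versions that leave this host unbootable
    # (the blue-screen-on-boot failure mode the article describes).
    crashes_on: set = field(default_factory=set)

    def install(self, version: str) -> bool:
        """Install `version`; return whether the host is still healthy afterwards."""
        self.version = version
        return version not in self.crashes_on


def build_fleet(faulty_versions=()):
    """Constructed fleet; every host crashes on each version in `faulty_versions`."""
    fleet = []
    for ring in RINGS:
        for i in range(RING_SIZES[ring]):
            fleet.append(Host(f"{ring}-{i:04d}", ring, crashes_on=set(faulty_versions)))
    return fleet


def rollout(fleet, new_version, rings=RINGS, max_failure_rate=0.05):
    """Push `new_version` one ring at a time with automatic health gating.

    A ring is deployed, then its health is measured (here: did the host
    come back up). If the ring's failure rate exceeds `max_failure_rate`
    the rollout halts and every later ring keeps its current version.
    """
    report = {"deployed": [], "halted_at": None, "failure_rates": {}}
    for ring in rings:
        members = [h for h in fleet if h.ring == ring]
        if not members:
            continue
        failed = sum(not h.install(new_version) for h in members)
        rate = failed / len(members)
        report["failure_rates"][ring] = rate
        if rate > max_failure_rate:
            report["halted_at"] = ring  # stop here; blast radius is this ring only
            break
        report["deployed"].append(ring)
    return report


def count_on(fleet, version):
    """Number of hosts currently running `version`."""
    return sum(h.version == version for h in fleet)


if __name__ == "__main__":
    good = rollout(build_fleet(), "2.1")
    print("good update:", good)  # all four rings deployed

    fleet = build_fleet(faulty_versions={"2.0-bad"})
    bad = rollout(fleet, "2.0-bad")
    print("faulty update:", bad)  # halted at 'canary'
    print("hosts still on 1.0:", count_on(fleet, "1.0"))  # 1250 of 1260
```

The point of the simulation is the second run: a faulty version takes down the ten canary hosts and nothing else, because the gate halts the rollout before the larger rings are touched. Shrinking the soak window per ring keeps the rollout fast; what must not be skipped is the health measurement between rings, and the canary ring must be representative of the fleet (operating system versions, driver versions) for that measurement to mean anything.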
This does not imply incompetence on the vendor's part; more likely it is an unfortunate convergence of updates or configurations that produced the incident. That is, unless the update was tampered with by a malicious actor, which does not appear to be the case here.
What lessons can we draw from this incident?
First, every security vendor is likely reassessing its update procedures to make sure there are no gaps and to look for ways to strengthen them. To me, though, the fundamental lesson is that when a company attains a significant market position, its dominance can create a quasi-monoculture, in which a single issue affects a great many organisations at once.
Any cybersecurity expert will use terms like ‘defense in depth’ or ‘layers of defense’. This means leveraging multiple technologies, and often multiple providers, to thwart potential attacks; it is also about resilience in the architecture and not depending solely on one vendor.
We must not lose sight of who should be held accountable when incidents like this occur; if cyber criminals and state-sponsored attackers did not generate cyber threats, we wouldn’t need real-time protection.

