Understanding the intricacies of cybersecurity update procedures

Digital Security
In cases where a software update process fails, it can result in severe outcomes, illustrated today by widespread blue screens of death attributed to a faulty update by CrowdStrike

The complexities of cybersecurity update processes

Cybersecurity often comes down to speed: a threat actor devises a malicious technique or piece of code, and cybersecurity firms must respond to the new threat promptly, adapting or adopting methods to detect it where required. That response may mean updating cloud-based detection systems and/or pushing changes to endpoint devices so that they provide the necessary protection against the threat. Speed matters because the sector is tasked with protecting against, detecting, and responding to threats in real time.

The methods cybersecurity firms use to prevent conflicts between an update and the operating system or other products are usually extensive, with automated test environments replicating real-world scenarios across different operating systems, different versions of system drivers, and the like.

These procedures may also be overseen by people, with a final sign-off confirming that all processes and protocols have been followed and no conflicts were found. External parties, such as an OS vendor, may also be involved, testing independently of the cybersecurity vendor in an effort to avert major downtime of the kind observed today.

In an ideal situation, a cybersecurity team would receive the update and test it within their own environment, ensuring no conflicting issues. Once assured that the update poses no problems, a scheduled implementation of the update would commence, potentially department by department. This approach minimizes the risk of any significant disruptions to business operations.

However, this approach is impractical for cybersecurity product updates, which must be deployed as quickly as threats spread, often almost instantaneously. When that update process goes wrong, the consequences can be devastating, as is currently evident from a CrowdStrike software update that has resulted in blue screens of death and complete infrastructure shutdowns.
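To make the contrast between the two deployment models concrete, the following is an added example (not code from the article, CrowdStrike, or any vendor). It models the staged rollout described above as a ring-based controller: a small canary ring receives the update first, then department rings, and the rollout halts as soon as a ring's post-update failure rate exceeds its threshold. It then runs the same faulty update through an "everywhere at once" ring with no gate, which is the pattern the article says rapid protection updates tend to follow. The fleet, the build tags, and the rule that the faulty update crashes hosts on build "b2" are all constructed assumptions standing in for real telemetry and a real incompatibility.

```python
"""Ring-based rollout controller with automatic halt on crash telemetry.

Added example, not taken from the article or any vendor's tooling. The
fleet, the build tags and the failure rule are constructed stand-ins.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# A health probe answers "is this host healthy after the update?". In a real
# fleet it would read boot/heartbeat telemetry; here it is a constructed stub.
HealthProbe = Callable[[str], bool]


@dataclass
class Ring:
    name: str
    hosts: List[str]
    max_failure_rate: float  # halt the rollout if this ring's rate exceeds it


@dataclass
class RolloutResult:
    completed_rings: List[str] = field(default_factory=list)
    halted_at: Optional[str] = None  # ring in which the halt triggered, if any
    failure_rates: Dict[str, float] = field(default_factory=dict)
    updated_hosts: List[str] = field(default_factory=list)  # blast radius
    crashed_hosts: List[str] = field(default_factory=list)


def deploy_ring(ring: Ring, probe: HealthProbe, result: RolloutResult) -> float:
    """Push the update to one ring, record telemetry, return its failure rate."""
    crashed = [h for h in ring.hosts if not probe(h)]
    result.updated_hosts.extend(ring.hosts)
    result.crashed_hosts.extend(crashed)
    rate = len(crashed) / len(ring.hosts)
    result.failure_rates[ring.name] = rate
    return rate


def staged_rollout(rings: List[Ring], probe: HealthProbe) -> RolloutResult:
    """Deploy ring by ring; stop at the first ring whose failure rate is too high."""
    result = RolloutResult()
    for ring in rings:
        rate = deploy_ring(ring, probe, result)
        if rate > ring.max_failure_rate:
            result.halted_at = ring.name
            break
        result.completed_rings.append(ring.name)
    return result


# --- constructed sample fleet --------------------------------------------------
# Each host carries a sensor build tag. The constructed faulty update crashes
# every host on build "b2", a stand-in for an incompatible configuration.
FLEET = {
    "canary-01": "b1", "canary-02": "b2",
    "it-01": "b1", "it-02": "b2", "it-03": "b1",
    "finance-01": "b2", "finance-02": "b2", "finance-03": "b1", "finance-04": "b1",
    "ops-01": "b1", "ops-02": "b1", "ops-03": "b2", "ops-04": "b1", "ops-05": "b1",
}


def faulty_update_probe(host: str) -> bool:
    """Constructed telemetry: hosts on build 'b2' fail to boot after the update."""
    return FLEET[host] != "b2"


def hosts_with_prefix(prefix: str) -> List[str]:
    return [h for h in FLEET if h.startswith(prefix)]


def department_rings() -> List[Ring]:
    """Canary first (any crash halts), then departments with a 10% tolerance."""
    return [
        Ring("canary", hosts_with_prefix("canary"), 0.0),
        Ring("it", hosts_with_prefix("it"), 0.10),
        Ring("finance", hosts_with_prefix("finance"), 0.10),
        Ring("ops", hosts_with_prefix("ops"), 0.10),
    ]


def everywhere_at_once() -> List[Ring]:
    """The 'push to every endpoint immediately' pattern: one ring, no gate."""
    return [Ring("all", list(FLEET), 1.0)]


if __name__ == "__main__":
    staged = staged_rollout(department_rings(), faulty_update_probe)
    flat = staged_rollout(everywhere_at_once(), faulty_update_probe)
    print(f"staged: halted at {staged.halted_at}, "
          f"{len(staged.crashed_hosts)}/{len(staged.updated_hosts)} hosts crashed")
    print(f"flat:   {len(flat.crashed_hosts)}/{len(flat.updated_hosts)} hosts crashed")
```

With the constructed fleet, the staged rollout halts in the canary ring after one crash on two hosts, while the ungated push reaches all fourteen hosts and crashes five of them. The design choice worth noting is that the gate is per ring: the canary tolerates no failures at all, because its whole purpose is to absorb the first sign of an incompatibility before the update reaches a production department.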

Such events do not necessarily reflect incompetence on the part of the vendor; it may simply be a case of unfortunate circumstances, a convergence of updates or configurations leading to the incident. Unless, of course, the update has been tampered with by a malicious actor, which does not seem to be the case here.

Key takeaways from this incident

First, all cybersecurity vendors are probably reassessing their update processes to check for deficiencies and to look for ways to strengthen them. The real lesson for me is that when a company achieves significant market dominance, a semi-monoculture can arise in which a single issue affects a multitude.

Any cybersecurity expert will emphasize concepts like 'defense in depth' or 'layers of defense', which call for multiple technologies, and often multiple suppliers, to thwart potential attacks, alongside resilience in the infrastructure design that avoids dependence on a single vendor.

We must not lose sight of who should bear responsibility when incidents like this occur; if cybercriminals and state-sponsored attackers did not create cyber threats, real-time protection measures would not be necessary.
