CrowdStrike’s update to its flagship cybersecurity product, Falcon Sensor, late last week caused an impressive amount of panic across a wide swath of industries. Many computers running Microsoft were stuck on the “blue screen of death” (BSoD), which would not allow users’ computers to load.
Immediately, the update caused flight cancellations, train delays, broadcasting problems, hospital issues, and disruptions at businesses across all sectors that could not log into their computers for the day. But aside from these fleeting, yet major, problems the botched software update will have lasting implications.
Opportunity for competitors
Impacting the cybersecurity industry as a whole, many organizations will see last week’s update failure as an opportunity to market their own fraud fighting technology to organizations big and small that were impacted by last Friday’s events. We may even see a slight increase in new cybersecurity company launches. According to TechCrunch, as of last year, CrowdStrike enjoyed a 14.7% share of global revenue from security software sales. This may decrease as some clients seek alternative technologies. It is unlikely, however, that we will see a mass exodus from CrowdStrike.
Information for hackers
Perhaps one of the biggest concerns for CrowdStrike clients is that the update failure offered hackers all over the globe a visual of which companies use CrowdStrike as a vendor to fight fraud. Cybersecurity companies rarely disclose client names, especially in banking and finance, and for good reason. When hackers know which security software vendors a firm is using, they are able to gather a lot of information they can use to try to circumvent the software for nefarious purposes.
In addition to offering visibility into which banks are working with CrowdStrike as a security vendor, the fallout of the update also offers fraudsters an open door to send consumers phishing emails and phone calls to exploit the situation by asking consumers to divulge passwords and sensitive codes.
Loss of consumer trust
End consumers, especially in the banking and airline industries, will likely lose some amount of trust in the security of online businesses. Many saw firsthand how far reaching and potentially catastrophic software disruptions can be, and unfortunately, many consumers incorrectly assumed that the BSoD was the result of a cyberattack rather than an update glitch. As a result, consumers may be more wary of sharing their sensitive details online and may be less willing to trust the security of their financial institution, even if it was not impacted by Friday’s events.
Heightened regulatory concern
Regulators are consistently being challenged by today’s fast-moving technological environment. Now, they have a new worry to add to their list. Regulators have a responsibility to ensure that they are not only retroactively responding to IT outages, but also actively working to help prevent them from occurring in the first place. This will likely lead to more stringent regulatory guidelines for cybersecurity measures, mandatory incident response protocols, and regular stress testing of critical IT systems to ensure their resilience.
Photo by Patrick Tomasso on Unsplash