The Crowdstrike Incident is a Cybersecurity Wake-Up Call About Software Updates

On July 19, a faulty software update from cybersecurity company CrowdStrike likely affected over 8.5 million Windows devices. The immediate impact of the CrowdStrike incident on users was the sudden appearance of the Blue Screen of Death (BSOD), which is a memorable acronym in the world of cybersecurity.

“Who needs ransomware,” asks an article by Eileen Yu, Senior Contributing Editor at business technology site ZDNET, “when a faulty software update can shut down critical infrastructure?”

In the ZDNet article, Yu mentions that she was in Singapore but managed to avoid being caught in the resulting bottleneck at the major airport. She refers to comments made by a Singapore tech official, Josephine Teo, who is Singapore’s Minister for Digital Development and Information, for insights to be gained from the CrowdStrike incident.

Teo says the Blue Screen of Death left users feeling vulnerable, and the incident has raised pressing questions about reliance on technologies that have proved to be less than reliable.

It points to the need for serious efforts at self-protection. “Testing and red-teaming must be prioritized and conducted across multiple levels so that appropriate safeguards can be put in place,” she says. This includes the implementation and the continuous updating of business continuity plans, and preventive measures like stress-testing and table-top exercises.

But first and most fundamental, the CrowdStrike incident shows that cybersecurity and tech vendors have an obligation to test their updates before sending them out, especially to parties whose business involves critical infrastructure.