Skip to main content

ISG provides expert comment on CrowdStrike incident

ISG provides expert comment on CrowdStrike incident

  • Date22 July 2024

Dr Andrew Dwyer shares a round-up of the recent CrowdStrike incident, during which he provided expert comment to media outlets.

Padlock, globe, circuit board, electronic, microchip - Information Security

On Friday 19th July, the CrowdStrike incident impacted computer systems around the world. As news of the incident unfolded, Dr Dwyer, Lecturer in Information Security at Royal Holloway, spoke to MIT Tech Review and LBC Radio, drawing on his research at the intersection between information security, geopolitics, and socio-technical approaches to security. In this article, he provides a round-up on the incident, key take-aways, and what next for the information security and cyber policy communities.

Incident Round-Up

CrowdStrike is an American endpoint detection company that provides detection of malware and other suspicious behaviour. On Friday 19th July, CrowdStrike updated its Falcon platform that affected computers running most of the common Windows operating systems. This update led to a system crash that affected systems globally – with immediate impacts on transportation infrastructure, public-facing websites, and other services. CrowdStrike has released preliminary details on the incident as well as methods to recover from the incident. Some have called this the world’s largest-ever IT incident. Although this is difficult to verify, it is at least comparable in scale to the 2017 WannaCry and NotPetya incidents.

Key Take-Aways

Although this was not due to a cyber-attack, unlike some reporting on the day and subsequently, it can still be considered a significant information security incident. It demonstrated several key risks in our increasingly interdependent digital economy:

  1. Supply Chains: Endpoint detection has significant and deep access to endpoints to detect and prevent violations. However, this makes endpoint detection a significant potential vector for exploitation, and in this case, poor implementation of updates.
  2. Redundancy: The speed of recovery is key to cyber resilience, but many companies lacked redundancy in their systems and networks to maintain minimum business continuity. This is key challenge, and one where enhanced requirement for critical infrastructures through the EU’s NIS2 regulations will force more attention to
  3. Digital Economy Consolidation: The increasing concentration of key elements of our digital economy in fewer large tech companies increases the risk of a lack of resilience in the supply chain. This is also the case in cyber security, where recent acquisitions have further consolidated the sector.
  4. Geopolitics: The access that endpoint detection has can be exploited. No more so is this seen with the case of Kaspersky’s removal from US government systems over allegations of espionage by Russia. Dr Dwyer recently published an essay about this event and the role of endpoint detection in geopolitics here.

What Next?

There must a reflection on incident management and planning for companies across the globe. However, for cyber policy makers, it demonstrates (again) how supply chain dependencies are essential to prevent loss of availability in the digital economy. Endpoint detection provides an essential and important role in limiting the impacts of malware and suspicious behaviour. Yet, to do that, it must have access to our systems and networks that make it an essential node in the infrastructure of our digital economy.

CrowdStrike is likely to face a number of lawsuits off the back of the incident. Internally, it will be quickly assessing the quality assurance processes that clearly failed in this case. Collectively, we are lucky that this was not a malicious act by a state actor or cybercrime group, but that is perhaps little consolation for the work of IT teams across the world who have been recovering from this incident. But this is another chance to reflect at the fundamentals of how information security operates and risk propagates in the wider fabric of the digital economy.

 

Related topics

Explore Royal Holloway

Arrivals Sept 2017 77 1.jpg

Get help paying for your studies at Royal Holloway through a range of scholarships and bursaries.

clubs-societies_REDUCED.jpg

There are lots of exciting ways to get involved at Royal Holloway. Discover new interests and enjoy existing ones.

Accommodation home hero

Heading to university is exciting. Finding the right place to live will get you off to a good start.

Support and wellbeing 2022 teaser.jpg

Whether you need support with your health or practical advice on budgeting or finding part-time work, we can help.

Founders, clock tower, sky, ornate

Discover more about our academic departments and schools.

REF_2021.png

Find out why Royal Holloway is in the top 25% of UK universities for research rated ‘world-leading’ or ‘internationally excellent’.

Immersive Technology

Royal Holloway is a research intensive university and our academics collaborate across disciplines to achieve excellence.

volunteering 10th tenth Anniversary Sculpture - research.jpg

Discover world-class research at Royal Holloway.

First years Emily Wilding Davison Building front view

Discover more about who we are today, and our vision for the future.

RHC PH.100.1.3 Founders south east 1886.w

Royal Holloway began as two pioneering colleges for the education of women in the 19th century, and their spirit lives on today.

Notable alumni Kamaladevi Chattopadhyay

We’ve played a role in thousands of careers, some of them particularly remarkable.

Governance

Find about our decision-making processes and the people who lead and manage Royal Holloway today.