Risk Lessons From CrowdStrike's July 19, 2024 Blunder

Organizations continue to grapple with the consequences of the faulty update. Computer systems across the globe were still trying to recover this week from a massive meltdown that spread rapidly on Friday morning (July 19, 2024), affecting hospitals, airlines, banks, emergency services and other organizations. Unlike other major outages over the past couple of decades, Friday's chaos did not stem from an outside cyber attack. Rather, the call came from inside the house: a faulty Windows software update pushed by cybersecurity provider CrowdStrike.
Dealing With Another CrowdStrike Efficiently

The CrowdStrike debacle, which impacted 8.5 million devices on July 19, 2024, resulted from a simple software update gone wrong. Yet, before the issue could be resolved, it resulted in an estimated $5.4 billion in direct losses for organizations around the globe.
How the Microsoft and CrowdStrike Failure Occurred and How to Prevent It from Happening Again

Although many consumers likely didn't know the name CrowdStrike before July 19, 2024, an incident that day made the cybersecurity firm the subject of intense public scrutiny. An update to CrowdStrike's system caused Windows computers at many businesses to crash and become entirely inoperable, affecting companies from Delta Airlines to Mr. Beast's YouTube channel.
Risk Lessons From CrowdStrike’s Blunder

Computer systems across the globe were still recovering this week from a massive meltdown Friday morning that spread rapidly, affecting hospitals, airlines, banks, emergency services and other organizations. Unlike other major outages over the past couple of decades, Friday’s chaos didn’t originate from an outside cyber attack. Rather, the call came from inside the house: a faulty Windows software update pushed by cybersecurity provider CrowdStrike.
Cybercriminals capitalize on CrowdStrike outage

Organized cybercriminal gangs have lost little time in attempting to cash in on the ongoing CrowdStrike/Windows outage currently affecting banks, airlines and businesses. According to the UK’s National Security Cyber Centre: “An increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation. This may be aimed at both organizations and individuals.”