"Blue Screen of Death"

Airlines, banks, hospitals and many other organizations around the world have chosen cybersecurity company CrowdStrike to protect their computer systems from hackers and data breaches.

However, a faulty CrowdStrike software update caused global disruption on July 19 that canceled flights, shut down banks and media outlets, and disrupted hospitals, retailers, and other services.

Affected computers displayed a "blue screen of death," a sign that something went wrong with Microsoft's Windows operating system.

“This shows that technology is at the backbone of our entire IT infrastructure,” said Gregory Falco, associate professor of engineering at Cornell University. “The chaos happened because almost everyone was using the same company’s services, so everyone’s internet went down at the same time.”

CrowdStrike said the issue involving an update the company released that affected computers running Microsoft's Windows operating system was not a hack or cyberattack. CrowdStrike apologized and said a fix is ​​being rolled out.

While not everyone is a CrowdStrike customer, it is one of the leading cybersecurity service providers, especially in transportation, healthcare, banking, and other sectors that are at high risk of keeping their computer systems up and running.

“They are typically risk-averse organizations that want to be protected when something goes wrong. CrowdStrike provides that service. And when they see their peers in other industries using it, they believe they will need it too… Ultimately, the largest companies all use the same service,” Falco said.

Reliance on an AI Startup

Founded in 2011 and only publicly traded since 2019, CrowdStrike describes itself as “reinventing cybersecurity for the cloud era and transforming the way cybersecurity is delivered for the customer experience.” The startup emphasizes the use of artificial intelligence (AI) to help it keep up with competitors. The company reported 29,000 signed-up customers earlier this year.

Thanks to the explosion of technology and catching up with the AI ​​trend, this Austin, Texas-based company has quickly become the most famous cybersecurity company in the world. They even spend a lot on advertising, including expensive ads during Super Bowl matches.

CrowdStrike CEO George Kurtz is one of the highest paid people in the world, recording total compensation of more than $230 million over the past three years. Kurtz is also a driver for a CrowdStrike-sponsored racing team.

Following the incident, Kurtz admitted the mistake and apologized: "We understand the seriousness of the situation and are deeply sorry for the inconvenience and disruption this has caused."

Security experts say a routine update to CrowdStrike cybersecurity software appears to have failed to undergo adequate quality testing before being deployed.

The latest version of the Falcon software is designed to make CrowdStrike customers’ systems more secure from hackers by updating the threats it protects against. But faulty code in the update files has caused one of the biggest computer outages in recent years for companies using the Windows operating system.

Richard Stiennon, a cybersecurity industry analyst, said it was a historic mistake by CrowdStrike. “This is certainly the worst mistake, technical error, or glitch by any security software vendor ever,” he said.

While the issue is technically easy to fix, its impact could be long-lasting for some organizations because each affected computer needs to be repaired, he said.

Forrester analyst Allie Mellen noted that CrowdStrike has been clear with customers about what it needs to do to fix the problem. But to restore trust, she said it will take a deeper look at what happened and what changes can be made to prevent it from happening again.

Ngoc Anh (according to AFP, AP)