It takes malicious adversaries an average of 62 minutes to bring your business down, warns the CrowdStrike website. In the event, the cyber security company trusted to protect 29,000 clients from hackers managed to bring down a huge chunk of global enterprise itself. The culprit appears to be a single faulty content update that it pushed on its Falcon Sensor product to Microsoft users worldwide.
It is not clear how many customers, exactly, are at present stuck staring at a “blue screen of death”. It seems to be a global phenomenon, with businesses in Asia, Europe and the US reporting issues. The fallout appears to span large swaths of the world economy, affecting airlines, trains, banks, broadcasters and almost everything else besides. The companies involved are working on a fix, but initial reports suggest the process is both manual and complex, meaning that bringing crashed PCs back online may be a laborious process.
The companies involved will, of course, take a hit. Such a widespread failure will, at the very least, raise serious questions about quality control and internal testing processes. That should spook customers. The stock looks vulnerable, too. CrowdStrike has been growing rapidly, more than doubling its market capitalisation over the past 12 months to $83.5bn. The company was down 10 per cent in pre-market trading; there will be more to come.
Other companies, operating on a similar business model, may also be affected. Clients will be alive to the risk of outsourcing such mission-critical functions to third parties — especially ones that can automatically push updates on to client systems. One result may well be the expansion of internal IT teams. Another should be seeking a greater range of suppliers across software and other security applications.
The incident will also exacerbate concerns about concentration risk in the cyber security industry. The top 15 vendors worldwide have a 62 per cent market share in cyber security technologies, products and services, according to a report by SecurityScorecard. Endpoint protection, or the business of securing PCs, laptops and other devices, appears to be even more concentrated. CrowdStrike, the market leader, has grown its market share in modern endpoint protection from 13.8 per cent in July 2021 to 17.7 per cent in June 2022, according to an IDC report. Other sources put it higher still.
While the US Cyber Safety Review Board dissects large cyber attacks for lessons learned, there is no obvious body charged with analysing these technical failures to improve the resilience of global tech infrastructure, said Ciaran Martin, former head of the UK’s National Cyber Security Centre.
The current global outage should spur clients — and perhaps even governments and regulators — to think more about how to build diversification and redundancy into their systems.