A major player in cybersecurity, CrowdStrike, released an automatic update for their protection software that didn’t go as planned, which led to global disruptions and concerns about digital security and our reliance on computers.
“The software happened to have some bugs in it, or at least one major bug that caused a large number of Windows hosts that were running the software to get a blue ‘screen of death,’ which is basically when Windows doesn’t boot,” said Nathan Evans, a computer science and cyber security professor at the University of Denver, who is also the Director of Cyber Security Programs there. “It basically froze a large number of Windows machines.”
Evans says the mistake in the update likely stemmed from a lack of proper testing prior to deployment.
“Unfortunately, nobody writes perfect software, and so, software bugs will happen,” Evans said. “I think, in this case, they probably made a mistake in pushing out an update or a patch that hadn’t been rigorously tested enough, so the solution in this case would have been for them to do a lot more testing before releasing this update.”
Evans says while these incidents are rare, another global incident like this is “not impossible.”
“We can’t say for sure whether something of this scale will happen again, but it’s not impossible that it will happen again, and people just need to be vigilant and make sure that they’re testing all of their software before they push out updates and patches to try to ensure things like this don’t happen in the future,” Evans said.
To be prepared for future incidents, Evans suggests a few key steps for both companies and individuals.
“We are wholly reliant on technology and computers for lots of things. I generally think that that’s a good thing, because think about how much it helps our lives and how much it makes our jobs easier, but you know, people should always in the back of their mind, think, ‘what happens if I lose my computer tomorrow, and what would be the impact of that,'” Evans said. “I think that each individual and organizations need to be aware that things like this can happen and have plans in place to recover from it.”
Evans added, “for example, having offline copies of your important medical documents or your bank documents, is always a good idea, and having backups of all of your important files on your computer, and making sure that you know you’re not storing something that you absolutely need to have in an emergency only in in one place, especially digitally.”
The CrowdStrike update that caused Friday’s chaos was released automatically to Microsoft Windows customers.
Evans says it’s generally a good thing to be enrolled in automatic updates to keep your computer safe from cyber-attacks or viruses, but in the future, experts say taking proactive steps can help mitigate potential impacts, including staying informed about updates from software providers and being cautious about immediately installing them until they are confirmed stable.