20240722 Cybersecurity Snafu

Cybersecurity Snafu

Last week a significant IT outage rippled through global systems. Ironically, it was triggered by a defect in a software update from the global cloud cybersecurity firm CrowdStrike. The update caused approximately 8.5 million Microsoft 365 cloud devices around the world to malfunction, and fixing the issue has required complex patches that have taken time to implement. Many sensitive areas of our day-to-day lives were impacted, including air travel, hospital systems, and banks, as well as many other businesses. Luckily this was an accident rather than a nefarious attack, which may have proven much more difficult to resolve. This incident has underscored vulnerabilities in modern digital infrastructure, but also highlighted the critical importance of cybersecurity in safeguarding the stability of our economy and daily lives.

The fallout from the CrowdStrike software update glitch included disruption to airlines worldwide, which continues to cause cancellations and delays as flight scheduling systems have faltered. Tens of thousands of flights have been delayed globally, with over 7,000 impacted in the US, causing many travelers to remain stuck. On Friday, 80% of flights leaving Hartsfield-Jackson were cancelled. Thousands were stranded at the airport, with many images circulating showing passengers sleeping on concourse floors. In hospitals, patient care management became challenging due to inaccessible electronic health records. Many surgeries and health visits were cancelled, and providers were forced to adapt, including a temporary shift to paper charting. Financial institutions experienced disruptions, and customers lost access to online banking and trading services.

From lost sales to halted production lines, there are clearly economic implications, although they are still difficult to quantify. In addition to the financial impact, the incident also raises alarms about the vulnerability of critical infrastructure to cyber threats. Water treatment plants and the electrical grid, essential for public health and safety, face potential risks from cyberattacks. The 2018 attack on Atlanta’s municipal systems serves as an example. Following the breach, the police department lost access to key operations systems, and city payment services for utilities, tickets, permits, and business licenses went down. Similarly, the Colonial Pipeline ransomware incident in 2021 showcased the broader societal impact of cyberattacks. The temporary shutdown of one of the nation’s largest fuel pipelines led not only to gasoline shortages but also to hoarding and panic.

The CrowdStrike incident this week serves as a wake-up call for stakeholders across industries and governments. As digital dependencies grow, so too does the urgency to bolster disaster recovery plans. Looking ahead, addressing cybersecurity challenges will require continuous innovation and adaptation. Proactive measures such as regular cybersecurity audits, investment in secure technologies, and fostering a cyber-aware culture are essential steps towards safeguarding our interconnected digital ecosystem.

While the recent IT outage sheds light on vulnerabilities, it also underscores the resilience and adaptability of modern societies in addressing cyber threats. By prioritizing cybersecurity and taking a collective approach to risk management, we can better prepare for future disruptions, whether due to an unintended snafu or criminal actions.

Corey Erdoes