Date: 2024-07-19

Comment | Crowdstrike’s catastrophic failure raises questions about the vulnerability of information systems, writes Juhani Saarinen, head of HS’s Data & AI team.

The joke is familiar to every coder. The wording varies, but the content is always the same: one does not deploy on Fridays. Whatever you do, don’t make any changes to your software on Fridays.

If you make changes at the end of the work week, something will go wrong sooner or later, and the whole weekend can be wasted trying to fix the mistake.

For information security company Crowdstrike, it is no laughing matter. The exact moment the problems started is not yet known, but early on Friday, Finnish time, the company’s update started crashing Windows computers around the world.

Cleaning up the mess looks set to ruin at least one weekend.

Thousands of companies around the world have adopted Crowdstrike’s software to protect them from various malware and attacks.

The idea of the software is to detect threats quickly and prevent them from happening. In order for blocking to be effective, the software must be given broad rights to make changes to users’ machines.

The arrangement is based on trust. Whoever acquired the software trusts that Crowdstrike will not abuse the power it has gained.

On Friday, the company messed up in a catastrophic way when it delivered an incorrect update to users’ machines. The mistake seems to have been an accident, but fixing it requires huge amounts of work.

For data security reasons, most companies do not allow employees to make changes to their machines themselves. So users have to wait for IT support to arrive to fix the problem.

When software is developed, mistakes happen. What was unusual this time was that the bug was not noticed until it ended up on customers’ machines around the world.

Cleaning up the mess seems to have gone quite quickly on Friday. But the incident still raises questions about the vulnerability of information systems. Are the systems already too concentrated? To whom do we entrust the responsibility for the functionality of the systems? Are they sure they can do their job properly?

Such a big mess was apparently created by accident – what if someone wanted to cause trouble on purpose?