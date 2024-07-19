Information systems|According to security expert Petteri Järvinen, the management and ownership of different software is too concentrated. It is a risk that is not necessarily understood.

Global IT failure has caused major technical problems around the world. Problems have been reported, for example, in the operation of major airlines, airports and healthcare services around the world.

It is about an incorrect update in the software of the information security company Crowdstrike. Crowdstrike is one of the world’s largest endpoint security companies.

Its customers are large companies. The companies that use Crowdstrike themselves or are dependent on companies that use it are now in trouble.

How can so many actors be so dependent on one company that its screwing up causes global problems?

Data security expert and nonfiction writer Petteri Järvinen not familiar with the exact history of Crowdstrike or the company’s growth story. However, the spread of its software is explained by the nature of the technology market, where popularity breeds popularity, he says. When the company’s software is found to be working in a few companies, it will be used elsewhere as well.

“This market favors one actor taking on a dominant role.”

According to Järvinen, the same phenomenon explains, for example, why Microsoft’s Windows operating system has achieved its popularity.

“Bridge [teknologiamarkkinalla] there is such a monoculture that everyone uses the same applications, the same cloud services and the same information security solutions, because uniformity also brings cost savings,” says Järvinen.

Järvinen says directly that he thinks the management and ownership of various software is too concentrated in the hands of a few large companies.

“There should be more diversity, different operating systems and information security programs, but then it becomes more difficult to manage them, which in a way increases the workload,” says Järvinen.

“That’s why we end up in situations like this, because we’re dependent on one [yhtiöstä].”

And when the verification of information systems and their functionality is concentrated, a large number of companies and organizations can suffer from problems.

“We may not have fully awakened to this kind of risk. It is imagined that hackers breaking into a company and extorting information are the big risk. You don’t realize how dependent we are on a few services and companies, whether it’s Google, Microsoft or such information security services,” says Järvinen.

Järvinen compare the problems that occurred on Friday to the one that hit the American telecommunications company Solarwinds in 2020 to a cyber attack. In it, Solarwinds was made to distribute a software update to its customers online, which carried the spyware with it. Among the victims of espionage were numerous large companies and US ministries.

In such situations, companies cannot protect themselves, they just have to trust their own software supplier, says Järvinen.

“It was a deliberate act, but it showed how vulnerable a large number of companies can be if [ohjelmistojen] the supply chain can be interrupted.”