CrowdStrike Crash and the Consequences of Invasive Cyber Security Software


The recent enormous Microsoft outage, which affected 8.5 million Windows computers and devices, was caused by a bug triggered by an automatic update for a relatively unknown piece of software: CrowdStrike’s Falcon.

Falcon is “endpoint detection and response” (EDR) software that monitors computers for signs of cyberattacks. It can collect data about what files are opened, what programs are being run on the device, websites visited, and more. This kind of software is recommended by many cyber experts and authorities, meaning that the most recommended cyber security strategy today is software that spies on everything that happens on your computer.

Nevertheless, it is invaluable in smaller organizations for alerting IT security teams to signs of cyber intrusion, helping them thwart attackers before they can cause significant damage. It can also flag suspicious behavior that could indicate more stealthy attacks. This technology can also provide valuable intelligence about emerging cyber threats worldwide since it is deployed in so many organizations and can identify patterns of malicious behavior.

However, the outage raises questions about the downsides of EDR technologies. Some call out the world’s dependence on too few global tech giants, as well as the sheer technical risk of software that is tightly integrated into the core of Microsoft Windows, the fundamental software that controls most of our computers, and that caused the widespread crashes we saw during the outage.

Since CrowdStrike is in charge of highly privileged software, it also has a responsibility to ensure its updates are safe. This failure taught us all to demand much higher standards of accountability from the makers of critical software.

Looking ahead, cybersecurity experts say that this technology can be done much better. First, they say that Microsoft and CrowdStrike must ensure tools like Falcon are kept well separated from the core of Microsoft Windows, reducing the risk of future faulty updates. They add that, to protect user privacy, the technology should implement privacy-preserving methods for data collection and analysis.

They conclude that this incident definitely functions as a wake-up call about our society’s dependence on unreliable computer software, and say we must reduce our dependence on invasive technologies like EDR by focusing efforts on building software that is reliable and secure.

This information was provided by Techxplore.