Companies around the world are facing Microsoft system failures and disruption to core operations due to a major global IT outage that has been linked to CrowdStrike’s cybersecurity software.

A global Microsoft operating system outage has impacted some of the world’s biggest businesses, financial systems, transport hubs and other service providers, which began reporting widespread outages in their IT systems powered by Microsoft in the early hours of 19 July 2024.
The outage was reportedly caused by a “defect” in a software update issued by major US cybersecurity software provider, CrowdStrike, which is used by numerous Fortune 500 companies, including major global banks, healthcare, and energy companies, to detect and block hacking threats.
Reportedly, a blue error screen is flashing up on Windows workstations across the globe, in countries including, but not limited to, the UK, US, Australia, India and throughout the EU. As a result, planes have been grounded, medical appointments and prescriptions disrupted and some banks, including Nationwide, HSBC and Metrobank, have also reportedly been affected. Issues with payment services have also been seen, resulting in many retailers, including Waitrose, Asda and Sainsbury’s, being unable to accept cashless payments.
Meanwhile, Poland’s largest container terminal, the Baltic Hub, has said it is “struggling” due to the outage and has asked companies not to send containers to the port.
While a fix has reportedly been found, the IT outage is likely to continue impacting companies around the globe for at least a number of hours, if not days, highlighting the importance of strong crisis management and planning. How can companies respond to reduce the impact of an IT outage on business operations?
What is the issue and how does it relate to CrowdStrike?
CrowdStrike’s cybersecurity solutions are designed to prevent IT outages caused by cyberattacks. Specifically, the issue is reported to have arisen with CrowdStrike’s “Falcon antivirus software”, which is used to protect Microsoft Windows devices from cyberattacks.
CEO of CrowdStrike, George Kurtz, said in a statement posted on X:
“The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organisations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilised to ensure the security and stability of CrowdStrike customers.”
Cybersecurity experts have indicated that the outage may have been caused by a faulty file present in a security update from CrowdStrike.
A Microsoft service health update issued on 19 July 2024 states that “the preliminary root cause is thought to be a configuration change in a portion of our Azure backend workloads [… that has] resulted in connectivity failures.”
The widespread disruption caused by this latest outage highlights the global system’s dependency on the major IT service providers, and the fragility this creates. Companies that outsource heavily to third parties may weaken their operational resilience, in that they depend on those vendors functioning correctly to ensure business continuity.
While malicious actors are not determined to be the cause of the CrowdStrike incident, it may be possible to draw comparisons between the 19 July 2024 incident and the 2020 cyberattack against SolarWinds, in which hackers used a “supply chain attack” to insert malicious code into SolarWinds’ Orion system, compromising the networks, systems and data of the approximately 30,000 private and public organisations that use the Orion network management system to manage their IT resources. In other words, the hackers leveraged a software update from SolarWinds as the vehicle for infiltrating the IT networks and data of the customers to which SolarWinds provides services.
In 2021, a report found that, on average, the SolarWinds cyber incident may have cost affected companies as much as 11% of their annual revenue, demonstrating the scale and severity of the attack.
On 19 July 2024, a US District Court Judge largely dismissed a complaint brought against SolarWinds by the US Securities and Exchange Commission in relation to the 2020 cyberattack. Nevertheless, these incidents raise serious questions about leading businesses’ reliance on third-party software providers and the significant risks involved when such systems fail.
Crisis management tips
As companies around the world grapple with the effects of the outage, here are some key crisis management tips for maintaining business continuity during an unexpected IT outage:
- initiate crisis management and business continuity plans that should include contingencies for every aspect of the business and a list of key people and their designated responsibilities;
- log information on the crisis as it evolves and steps taken to manage it;
- map affected systems to gain an understanding of the scope of the issue, how it is likely to affect business operations and the mitigating steps that need to be taken;
- contact the relevant regulator for advice on how to respond to the incident while ensuring compliance obligations are maintained. In some industries, there may be a requirement for companies to self-report to the regulator about the issue, such as in financial services;
- uphold fundamental principles: no matter the crisis, companies’ response should reflect their core values and compliance must be ensured;
- adapt and respond: there is no “one-size-fits-all” way to respond, so companies need to consider the various possible outcomes of the incident and be flexible enough in their approach to adapt as new information and developments arise. For example, following the CrowdStrike outage, some doctors’ surgeries reportedly started writing out prescriptions manually to get around the IT issue; and
- identify the key internal and external stakeholders and provide them with the necessary information about the nature of the problem, how it is likely to impact them, mitigating steps and an estimation of how long disruption is expected to last.