Today at 14:11
Insurer Parametrix has calculated the damage caused to major US companies by last Friday’s global computer outage, when an automatic update of CrowdStrike anti-virus software disrupted IT systems around the world.
As a result, according to insurers’ estimates, in the United States alone, the 500 largest American companies by revenue (excluding Microsoft) suffered losses totaling about $5.4 billion, the BBC reports.
Part of the damage caused was insured, but the insurance payout will cover only 10-20% of the actual financial losses.
CrowdStrike CEO George Kurtz has been subpoenaed to appear before the US House Homeland Security Committee.
“This incident should serve as a warning to all of us and a clear example of the national security risks posed by Internet addiction,” the congressmen said in a letter sent to Kurtz.
CrowdStrike management must respond to the letter and set a hearing date by Wednesday evening at the latest.
So far, they have promised to improve software testing methods to prevent a repeat of the global computer failure.
Friday’s incident, triggered by the CrowdStrike update, caused widespread disruption to banks, hospitals and airlines around the world, as the updated program hit the Windows operating system and caused the so-called “blue screen of death” to appear.
13:47 July 19
According to the latest data, the faulty update caused about 8.5 million Microsoft Windows computers to crash. CrowdStrike CEO George Kurtz issued a public apology for the fallout from the failure.
The company released a detailed analysis of the incident on Wednesday, saying the problem was caused by a bug in a system that was supposed to check software update compatibility but for some reason failed to do so.
CrowdStrike gave assurances that a repeat of the incident can be prevented with better software testing and inspections, as well as more attention from developers.
But cybersecurity experts say the audit revealed serious misconduct by the company.
“The analysis clearly shows that CrowdStrike’s software had no safeguards in place to prevent or even reduce the risk of such incidents occurring,” cyber security consultant Daniel Card told the BBC.
Another cybersecurity expert, Kevin Beaumont, agrees with this assessment. In his opinion, the main conclusion of the analysis published by CrowdStrike is that the company does not conduct testing and does not roll updates out to a gradually widening range of clients, as is usually done, but “distributes” updates to everyone at once.
“They simply rolled out the update to all customers at the same time as part of a so-called ‘quick response’, which was obviously a huge mistake,” the expert said.
At the same time, Sam Kirkman of cyber security company NetSPI told the BBC that CrowdStrike was “taking steps” to prevent such failures.
According to him, these steps were “probably effective and prevented many incidents, but only until last week”.