23.7.2024 | School of Business
Our dependence on IT and the Internet in the digital age: the CrowdStrike case demonstrates our economy’s and society’s exposure and vulnerabilities.
On Friday, 19 July 2024, a bug in a software release from US software company CrowdStrike (allegedly) caused a ripple effect that affected the IT infrastructure of millions of organisations, throwing critical infrastructure such as airports, hospitals, retail chains and universities into an IT crisis.
A programming error in a CrowdStrike software update caused Microsoft computer systems to reboot (with Microsoft’s famous «blue screen of death» error message being displayed). However, as the computers could no longer start and the software patch to fix the issue could then not be installed automatically, the faulty file had to be deleted manually on the more than eight million affected PCs.
The incident shows how important «cyber resilience» has become. In a networked economy and society dependent on electricity, IT and the Internet, organisations and consumers must ask themselves how they can continue to operate when cyberattacks or internet outages cause crises. How does an organisation react, is there an action plan (keyword “business recovery”), and which backup scenarios and analogue alternatives can be implemented quickly?
The bizarre thing about this IT crisis is that the software that was supposed to protect the organisations caused their systems to crash. This case is a wake-up call: organisations need to update their digital strategies, develop threat scenarios and increase their cyber resilience with technical and organisational measures.
Prof. Dr. Marc K. Peter, Head of the Competence Center Digital Transformation at the FHNW School of Business, spoke to Marcel Sigrist on Swiss national TV station SRF about the global IT crisis triggered by CrowdStrike: