Posted on

How the CrowdStrike outage revealed software’s Achilles’ heel

It’s not a cybersecurity incident, but a glaring issue with cybersecurity today — dependency.

CrowdStrike is currently facing multiple lawsuits following the July 2024 outage. Angry customers are seeking compensation for extensive disruptions and financial consequences incurred due to the incident. Its widespread impact has also resulted in a class action lawsuit being filed against the company for negligence.

Although the issue was reversed within 79 minutes, the recovery process was complex and time-consuming. A quick fix was not possible here.

The incident begs the question: how reliable and stable are software security solutions in keeping us protected at all times? When the reason for acquiring software security is to enhance your operations and protect your organisation, organisations can ill-afford disruptions coming from the security provider.

As the dust settles, cybersecurity experts must advocate for a change in how organisations approach risk management and security solutions. While this event was not a cyberattack, it has underlined the vulnerabilities in software-dependent security measures and the need for a more holistic approach to cybersecurity.

The possibility of disruptions resulting from software defects or update problems becomes a major issue as companies depend more and more on software solutions to guard their digital assets. The CrowdStrike outage, which led to widespread crashes of specific Windows systems, is a stark reminder of the delicate balance between security and operational stability.

Limitations of software-based security

Blue Screens of Death (BSOD) and system crashes following software updates are not unique to this incident. In a separate incident that same month, Microsoft users reported that their computers were crashing every 30 minutes following a security update.

These incidents raise important questions about the architecture of security solutions and the potential benefits of diversifying cybersecurity strategies. While software-based security remains important for detecting known threats, the need for integration and complex layering of software systems creates a labyrinth of potential challenges. The interdependency that is characteristic of the software ecosystem means that countless entry points and vulnerabilities become interlinked, allowing multiple points of disruption and long recovery times.

Also Read: Embracing AI evolution: The crucial role of data management and cybersecurity in AI success

The promise of intelligent hardware-based security solutions

Running counter to such issues, hardware-based security solutions have unique benefits. From the silicon level, they operate independently from the software layer and can provide an additional line of defence without interfering with core system processes. This independence is particularly useful in instances where software vulnerabilities or update issues might compromise the integrity of the security system itself.

Just as an external auditor reviews a business’s processes without disrupting or complicating its operations, ideal security solutions should integrate seamlessly to maintain the functionality and workflow of existing systems while providing robust protection.

Moreover, integrating Artificial Intelligence (AI) into hardware-based security solutions presents exciting possibilities for addressing one of the most significant challenges in cybersecurity: zero-day attacks. Unlike traditional software solutions that rely on known threat databases, AI-powered hardware security operating at the hardware layer does its work in an engineered enclave environment. This gives it the potential to identify and respond to new and unknown threats in real-time without the need for constant human updates.

Encouragingly, the concept of non-disruptive security measures is gaining traction in the cybersecurity community which has long relied on software solutions as its main line of defence — but it needs to move faster.

Digital transformation and cybersecurity challenges

The need for robust and adaptable cybersecurity measures is particularly dire in regions experiencing rapid digital transformation, such as the Asia-Pacific (APAC). According to IDC, Asia-Pacific is leading the charge in digital transformation spending growth, with an expected 18.9 per cent increase in 2024, outpacing North America (15.7 per cent), Europe (13.6 per cent), and Latin America (11.3 per cent).

This accelerated pace of digital adoption in Asia-Pacific presents both opportunities and challenges. As organisations in the region embrace new technologies at a faster rate than their global counterparts, ensuring the security and stability of these systems becomes increasingly critical and complex.

Also Read: How Flexxon aims to solve AI’s cybersecurity problem through hardware-focused approach

The rapid digital transformation in Asia-Pacific also correlates with higher cybersecurity risks. In 2023, the World Economic Forum reported that the average number of cyber attacks per organisation in the APAC region is approximately 47.04 per cent higher than the global average. This higher incident rate shows the urgent need for more advanced cybersecurity measures in the region as it continues to lead in digital transformation.

This reality highlights the need for a more holistic approach that combines the strengths of both hardware-based and software solutions. As we move forward, it’s clear that the future of cybersecurity lies in this balanced hardware-software approach.

A call for a holistic approach

The CrowdStrike outage should be a wake-up call for organisations worldwide. It shows the urgent need for diverse security strategies and innovative solutions that can operate independently of core system processes. Organisations can build more resilient systems capable of withstanding future cybersecurity challenges by adopting a holistic approach that combines the strengths of software and hardware-based security measures. Integrating AI-powered hardware security into existing cybersecurity is how we get the robust, adaptive, and non-disruptive security that we all need.

Editor’s note: e27 aims to foster thought leadership by publishing views from the community. Share your opinion by submitting an article, video, podcast, or infographic.

Join us on InstagramFacebookX, and LinkedIn to stay connected.

Image credit: Canva Pro

The post How the CrowdStrike outage revealed software’s Achilles’ heel appeared first on e27.