CrowdStrike’s unforced error that took global IT systems and networks offline Friday quickly put the cybersecurity vendor’s reputation on the line, and initial reactions suggest the recovery won’t come quickly or easily.
The damages caused by CrowdStrike’s defective software update put a dent in the company’s armor, “but this is a black swan event that any vendor is susceptible to,” said Eric Grenier, director analyst at Gartner.
“This isn’t the first time a software vendor has sent out a bad patch and it probably won’t be the last time,” Grenier said. “The magnitude of this bad update is so large because the number of devices running both CrowdStrike and Windows is so high.”
CrowdStrike ended 2023 with a 14.7% share of the global market for endpoint protection platforms based on revenue, according to Gartner.
In an industry overwhelmed by cyberattacks and malicious activities, the prevailing reaction from cybersecurity professionals is that last week’s global IT outage could and should have been avoided.
The defect contained in a CrowdStrike Falcon sensor update, which was applied to many of its customers’ systems, presents fundamental questions about the major cybersecurity vendor’s software development processes and procedures. CrowdStrike’s defective software update impacted customers running Windows-based systems.
“This was most certainly preventable. This sort of release goes to the importance of change and configuration management,” Tom Marsland, VP of technology and technical services at Cloud Range, said via email.
Multiple fail-safe procedures are designed to prevent the widespread release of botched code and the disruptions that could follow. Best practices dictate that software updates should be tested internally, then released to a small group of users before they are distributed to production environments, according to experts.
“That is done specifically to catch problems with updates before they affect the entire ecosystem. Either that didn't happen here at all, or that process failed to catch this bug, which is a problem in and of itself,” Marsland said.
The real test ahead for CrowdStrike will center around the company’s response and the measures it implements to mitigate risks of this scale in the future.
“I think it will cause CrowdStrike to review their update practices and fortify them and make them better,” Grenier said.
In a letter sent to customers on Friday, CrowdStrike CEO George Kurtz committed to providing full transparency on how the defective update occurred and the steps CrowdStrike is taking to “prevent anything like this from happening again.”
In the interim, any company that sells endpoint protection services to enterprises stands to benefit from disgruntled CrowdStrike customers who might be looking for alternative vendors, according to Grenier.