CrowdStrike Overhauls Update System After Major Failure

CrowdStrike has changed the update process for its security tools following a malfunction in July that disabled thousands of systems globally. During a hearing in the US Congress, Senior Vice-President Adam Meyers stated that customers can now choose when to receive updates, either immediately or at a later time. This flexibility aims to prevent potential issues associated with the installation of new versions.

Meyers also mentioned that CrowdStrike is reevaluating its internal update checking process. The company admitted that its testing tools failed to identify an error in an update over the past decade, leading to damage on over 8.5 million Windows devices. Critical systems such as airlines, hospitals, and banks that rely on CrowdStrike products were affected by the malfunction.

According to Meyers, the problematic update was not typical program code but a configuration file containing threat information. Previously, these types of updates were released frequently, sometimes up to 10-12 times a day, without undergoing the strict verification applied to code. CrowdStrike now treats them as full-fledged code and subjects them to more rigorous checks to prevent future mishaps. Meyers highlighted that this approach is not yet an industry standard.

The process of checking software code at CrowdStrike involves multiple stages, starting with internal testing (“dogfooding”), followed by validation with first customers before the update is rolled out to others. These new measures are expected to enhance security and prevent similar incidents in the future, although specifics on how the verification process will change were not disclosed during the hearings.

Meyers also addressed concerns surrounding CrowdStrike’s deep access to the Windows operating system kernel. He explained that kernel access is essential for maximum protection against cyber threats and hacking attempts, as many security solution providers, including CrowdStrike, operate at this level to safeguard their products.

Despite the incident affecting over 20,000 customers, including government agencies, CrowdStrike did not say whether the US Department of Homeland Security will investigate the matter or whether the company plans to compensate customers for their financial losses. Large customers such as Delta Air Lines, which estimates losses of $500 million due to flight cancellations, are considering legal action against CrowdStrike. Economists estimate that the overall damage to Fortune 500 companies from the CrowdStrike update failure exceeds $5.4 billion. Additionally, investors have expressed discontent, leading to a lawsuit from the Plymouth County Retirement Association pension fund following a drop in CrowdStrike’s stock.
