Tuesday, July 23, 2024

Just how serious was the Microsoft outage?


By Dr. Tim Sandle
July 21, 2024
DIGITAL JOURNAL

A data center: Network cables plugged into a server. — © Michael Bocchieri/AFP/Getty Images

The Windows outage caused by the CrowdStrike update is a wake-up call that spotlights the immense vulnerabilities of centralized systems and global cybersecurity, observes expert Denys Tsvaig.

He is a global cybersecurity technology expert, entrepreneur, columnist and author. Tsvaig gained unique experiences in Ukraine’s cyber war against Russia and is a partner of the Cyberpolice of Ukraine, the National Security and Defense Council, and he is a member of the Public Council at the Ministry of Digital Transformation of Ukraine and the Public Council of the Ombudsman for Personal Data Protection.

Tsvaig tells Digital Journal that he believes what we’ve witnessed within the last 24 hours is just the tip of the iceberg.

“Banks aren’t working. People can’t get their money. Families can’t buy food because supermarkets are down. Flights are canceled. There’s no power. Military stations are operating on backup generators and traffic lights are out resulting in accidents. Multiply this on a global scale and I’m afraid we will see the real consequences of a cyber war,” Tsvaig explains.

Tsvaig understands these problems firsthand, being on the receiving end of the Russian attacks on Ukraine in 2021 and he is an advocate of the benefits that blockchain technology offers as a solution to the weaknesses within centralized systems.

In a statement Tsvaig writes: “Decentralization, particularly through blockchain technology, offers a promising solution to these vulnerabilities. By distributing data and control across multiple nodes, decentralized systems can prevent single points of failure. Here’s how decentralization can revolutionize cybersecurity and digital resilience.”

He goes on to consider the explanation behind the current cybersecurity vulnerabilities and the importance of prioritizing long-term solutions.

Also commenting on the incident is Al Lakhani, CEO of IDEE, said: “Many people might be thanking Microsoft for their accidental day off, but countless businesses are suffering due to Microsoft’s and their partners’ failure to maintain their services. This incident underscores the importance of businesses thoroughly researching and vetting their cybersecurity solutions before implementation. Microsoft clearly fell short in this regard, and we are witnessing a cascade of operational failures around the world as a result.”

Photo: — © AFP Josep LAGO

He elucidates: “CrowdStrike’s platform approach, which relies on a single agent focused on detection, might seem good at first glance, but as we can see, it can create significant issues. For instance, agents require installation and maintenance of software on multiple different OSes, adding layers of complexity and potential points of failure. Moreover, agents can become a single point of failure, as a bad update can compromise the entire network, as seen with the SolarWinds attack.”

Furthermore, in drawing a conclusion: “The lesson here is blindingly obvious: investing in cybersecurity is not just about acquiring the latest or most popular tools but ensuring those tools are reliable and resilient. This is why businesses must prioritise agentless solutions like MFA 2.0, which reduce the risk of widespread failures and ensure more resilient defences.”

No comments:

Post a Comment