2 Minute Drill: CrowdStrike's Content Update Fallout with Drex DeFord
Episode 47 • 24th July 2024 • This Week Health: Newsroom • This Week Health

Transcripts

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Hey everyone, I'm Drex and this is the 2 Minute Drill, where I do three quick stories twice a week, all part of one great community, the 229 cyber and risk community here at This Week Health. Today's drill is brought to you by Fortified Health Security. No matter where you're at in your cybersecurity journey, Fortified can help you improve your security posture through their 24/7 threat defense services or advisory services, delivered through Central Command, a first-of-its-kind platform that simplifies cybersecurity management and provides the visibility you need to mature your program. Learn more at FortifiedHealthSecurity.com. Thanks for joining me today. Here's some stuff you might want to know about. To say it was another crazy weekend is probably a massive understatement.

On Friday morning last week, we all started getting calls, including me, asking what the hell is going on. Because millions of machines all over the world were showing the blue screen of death, and they seemed to be unfixable. It turns out that CrowdStrike had issued something called a content update to the CrowdStrike sensor that crashed the Windows machines all over the world.

8.5 million of them. Nearly any industry running a modern Windows machine and CrowdStrike was affected. So the question becomes, what's a content update? I'll try to do this without getting too deep in the weeds, but CrowdStrike works by installing a tiny sensor. Think of it as a little computer program on all of their customers' computers.

That little program watches all the activity on that computer, constantly looking for anything that could be considered unusual, like the very earliest stages of a cyber incident. That little sensor also reports all that information back to the CrowdStrike cloud. Not just that sensor, but tens of millions of sensors installed on laptops and PCs and servers all over the world are sending data back to the CrowdStrike cloud.

And on that CrowdStrike cloud database, there's a very sophisticated artificial intelligence engine that is constantly reviewing all of that data, looking for the earliest indications of a compromise or a breach happening at a customer site. It's probably one of, if not the, world's largest crowdsourced information efforts specifically built to find bad guys doing bad things as early as possible so those cyber criminals can be stopped in their tracks.

And that whole plan has worked great for years, until now. That little program on all the customer computers, the sensor, receives regular updates, content updates, from the CrowdStrike cloud. And this happens all the time, sometimes several times a day. Those content updates are like little dossiers on bad guy behavior, the latest information and profiles on what cyber thugs are doing, so that in real time the sensor is looking for that nefarious behavior on every computer where it's installed.

So it can catch the activity and kill it, or report it to your security team so they can do something about it. This unique cloud and crowdsourced approach is a big part of what's made CrowdStrike a cybersecurity phenomenon. For the last 10 years, the sensor and those content updates have worked pretty much flawlessly.

And as a result, customers have gone all in on that reliability. And that's great until it's not. On Friday, something in that content update to the sensor tipped over all the Windows machines that had the sensor running, worldwide. A technology disaster probably like no other. While there were a lot of rumors in the beginning that maybe this was a cybersecurity incident, it wasn't that.

It was an outage, an incident caused by a cybersecurity company, and regardless, the immediate impacts felt very similar. Clinical, business and research operators were taken offline and, more importantly, it negatively affected patients and families. We often talk about confidentiality, integrity, and availability as cybersecurity goals, the triad, but in this case, availability clearly took a hit.

As for CrowdStrike, a lot of accolades for the transparency and the communication from the company and CEO George Kurtz. I wrote about it over the weekend. They were clear about the problem, they were humble about the mistake, they were quick with the fix for their program, but that still left health systems and other companies all over the world holding the bag on how to recover all those blue-screened endpoint computers.

And so you worked all weekend, again, to fix those blue screens. And that was a massive effort. And as a patient, and as a family member of patients, I say, thank you. You put on the superhero cape again, and you saved the day. And I know the work is not done. Please keep going. We definitely appreciate you.

There will be more to this story. There's a ton of info about the CrowdStrike event at ThisWeekHealth.com/news. And you should read the latest updates direct from the horse's mouth at CrowdStrike.com. And as the story evolves, I'll keep you posted. Thanks again to our 2 Minute Drill sponsor, Healthcare Cyber Partner, Fortified Health Security.

With a 98 percent client retention rate and three consecutive best-in-class awards, Fortified's exclusive focus on healthcare cybersecurity makes them the go-to partner for healthcare organizations wanting to strengthen their security posture. Find out more at Fortified Health Security. And tomorrow, Wednesday the 24th, Fortified's CISO Russell Teague will be my guest on Unhack the News.

And during that podcast, we'll be talking more about, you guessed it, CrowdStrike. That's it for the 2 Minute Drill. Thanks for being here. Stay a little paranoid. Thanks again. I'll see you around campus.
