AEQUORA

Insights

The CrowdStrike Outage, Explained for Friends and Family

Cyber Security

I’m getting a fair bit of questions from non-technical friends and family about today’s IT issues. Thought I’d share my answers with you!

The “Too Long; Didn’t Read” summary:

  • No, your personal computer isn’t impacted.
  • Thank your IT people at work.
  • Be very cautious with anything saying “fix” for Microsoft or CrowdStrike issues; it’s probably phishing.

Is my computer impacted?

The system that had an issue is from a company called CrowdStrike. Many orgs around the world use it to protect their computers. They don’t sell it for personal use, so no, it’s not on your personal computer.

Was it a global hack?

A hack, to me, implies someone acting maliciously. This was a simple data update gone wrong. Just an IT issue, not a hack. CrowdStrike has handled this quite well IMHO, taken responsibility and given guidance.

Why is it taking so long to fix?

Unfortunately there’s no automated fix. IT professionals need to go to each affected machine one at a time and resolve the issue manually. Each impacted company is resolving it at the pace they can.

Can I do anything to help my IT team at work?

Just be patient with them on all requests. They’re probably working overtime and then some, and this is one of, if not the, #1 priority at the moment. Send them kudos, thanks, coffee, etc.

Could it have been worse?

Possibly. Only machines that received the update within a specific time window were impacted. Fortunately machines don’t all update on the same schedule, so as soon as CrowdStrike saw a problem, they were able to push a good update and stop the problem from getting worse.

Are we in the clear?

Kinda. The incident itself, yes. Don’t raise the “Mission Accomplished” banner yet, but the end is in sight.

That said, there has been a spike in phishing/fraudulent activity around today’s incident. Bad actors are trying to capitalize on it. Be wary of things saying something akin to “click here for the Microsoft or CrowdStrike fix.” Again: (1) personal computers aren’t impacted, and (2) there isn’t a fix like that. And no, don’t click “just in case.”

How do we stop this from happening again?

TBD. CrowdStrike has done these updates for a long time, sometimes several times a day. It’s clear something went very wrong and it shouldn’t have happened. I suspect many are trying to answer that question, and I’d believe they’ll share that soon enough.

Originally published on LinkedIn.

← All insights