On July 24th, US computer security technology company CrowdStrike released its preliminary review results on the recent large-scale network failures. At the same time, the affected institutions have stated that they are considering making accident claims. Industry insiders have suggested that when performing system software upgrades and other operations, it is best to make cautious decisions and seek the help of artificial intelligence.
In its latest announcement, "Zhongdao" stated that a vulnerability in the content configuration update of the network security platform caused a large-scale Microsoft operating system crash, stating that this vulnerability allowed for the deployment of "problematic content data" to client computers, triggering an "unexpected exception".
As part of the new preventive measures, "Zhongdao" company stated that it has strengthened internal testing and implemented "new checks" to prevent the deployment of "such problematic content" again. In addition, the company will also stagger the release time of updates and provide more detailed information about its planned updates. At present, the company is working to restore all systems affected by previous technical failures as soon as possible, and "a considerable portion" of the approximately 8.5 million affected devices have been restored to normal operation.
On the 19th, due to the release of software updates by "Zhongdao" company, Microsoft Windows system, other Microsoft applications and services experienced a large-scale outage, causing multiple industries such as aviation, railway, shipping, finance, healthcare, and hotels to be unable to operate normally. The work and life of many enterprises and individual users were seriously disrupted. The stock price of "Zhongdao" company has fallen by more than a quarter in recent trading days.
A Malaysian official stated on July 24th that they have requested Microsoft and "Zhongdao" company to consider compensating the companies that suffered losses during last week's global network service interruption. It is reported that 5 government agencies and 9 airlines, banks, and healthcare companies in Malaysia have been affected.
The official stated that they have met with representatives from Microsoft and CrowdStrike to seek a complete report on the incident and requested both companies to take measures to prevent similar incidents from happening again. In addition, the Malaysian government will also assist with claims if possible.
So far, the total amount of losses incurred by the Malaysian side has not been determined. Insurance company Symbolitan stated that excluding Microsoft, Fortune 500 companies in the United States are facing financial losses of up to $5.4 billion due to the disruption caused by the "crowdsourcing" of companies.
The Wall Street Journal cited Vice President Timothy McDonald's view that IT department heads should require suppliers deeply integrated within IT systems to meet "very high standards" in terms of development, release quality, and assurance levels. This includes requesting existing suppliers to explain how they wrote the software, what tests they conducted, and whether customers can choose the release speed of updates.
This type of incident reminds the Chief Information Officer (CIO) community how important it is to prioritize deployment and testing of programs and practices to ensure availability, reliability, and security, "said Faro, Chief Information Officer of Infoblox, an IT automation and security company.
Some Chief Information Officers (CIOs) have stated that although automatic software updates have become the norm and a recommended security practice, the "crowdsourcing" company's blue screen incident reminds everyone to pause for now.
Industry insiders suggest that companies should establish a 'clean room', which is an environment isolated from other systems, and use it to push critical systems back online. Enterprises should also conduct desktop exercises to simulate various risk scenarios, including IT failures and potential network threats.
People are not good at discovering errors in thousands of lines of code, "said Haideli, CEO of SandboxAQ, an AI and quantum computing company." We need to train AI to find interdependencies between new software updates and existing software stacks