"Are You a CEO, Director, or Founder interested in a Feature Interview?"
All Interviews are 100% FREE of Charge
Over the past few hours, major airlines have been plagued by unstable communication systems. Fast food restaurants, grocery stores and major retailers have been plagued by cash register malfunctions. CrowdStrike also provides services to Microsoft, so the update caused machines running Microsoft’s Windows operating system to crash as well.
Meanwhile, online, IT professionals are lamenting how they could have simply avoided all of this by turning off automatic updates.
“Every IT person learns this lesson the hard way at one point. I just posted a comment the other day explaining why automatically updating your infrastructure is a bad idea, and now I’ve gone back and added this as an example,” one savvy IT person wrote on Reddit.
Several X users echoed similar sentiments.
“Sometimes I convince myself there are adults in the room and people aren’t just making things up on the spot,” one X-user wrote, “and then basically every major airline, airport, hospital, emergency system, bank, etc. goes down because they’re all running kernel-level junk that auto-updates.”
Another X account specializing in cryptocurrency trading posted a disclaimer saying “automatic updates pose a system risk.”
Cybersecurity experts said automatic updates typically help companies respond quickly to global threats.
“Of course, not having automatic updates turned on in this case would have saved the company, but automatic updates are there for a reason – to respond to new threats and vulnerabilities around the world as quickly as possible,” Nadir Israel, co-founder and chief technology officer at cybersecurity firm Armis, told Business Insider. “There was clearly a catastrophic failure there in this case, and it will likely impact how tools handle automatic updates in the near future.”
Israel said Armis itself doesn’t use automated updates, instead having people on standby to check for and deploy updates, “but for larger enterprises, this may not be a feasible process,” he said.
It remains to be seen whether the outage will prompt cybersecurity companies to rethink their approach to automatic updates, but for companies that use these tools, it’s best to enable multiple lines of defense, according to Andrius Minkevičius, co-founder of CyberUpgrade, a company that specializes in cybersecurity solutions.
“This incident is a stark reminder that relying solely on technical defenses is not enough — organizations need to have multiple control mechanisms and security measures in place for each potential attack vector,” he told BI in an email.
"Elevate Your Brand with an Exclusive Feature Interview!"