CrowdStrike said in the post-incident review that it’s taking steps to prevent future problems with software updates.
CrowdStrike CEO George Kurtz announced on Thursday that 97 percent of the Windows sensors affected by a problematic software update that caused last week’s global IT outage have been restored.
“To our customers still affected, please know we will not rest until we achieve full recovery,” he added.
Specifically, there was an undetected error in an update for CrowdStrike’s security software that provides new instructions to the software on how to spot and stop novel threats.
Computers running Mac and Linux operating systems were not affected by the update bug.
“I am deeply sorry for the disruption this outage has caused and personally apologize to everyone impacted. While I can’t promise perfection, I can promise a response that is focused, effective, and with a sense of urgency,” Mr. Kurtz said in his message.
CrowdStrike said in the post-incident review that it’s taking steps to prevent future problems with software updates. The company is bolstering its testing and validation processes and will be releasing future updates in a gradual and staggered way.
The company is also giving customers more control over when and where updates are deployed, and offering detailed release notes for the updates.
CrowdStrike, founded in 2011 and based in Austin, Texas, provides cloud-based software that protects computer systems from cyberattacks for tens of thousands of companies, including 300 of the Fortune 500. Their software has deep access to key parts of computer operating systems.
Experts say that the outage raises important questions about the vulnerability of the world’s technological infrastructure.
“Media and government attention around tech policy over focuses on social media content problems while often ignoring the more critical issues around underlying infrastructure,” Ms. DeNardis wrote. “There are hidden layers of infrastructure—cybersecurity platforms, protocols, the Domain Name System, routing and addressing, satellite systems—upon which everything depends.”
While there’s little scope for ordinary citizens to affect the bigger issues of bolstering the security of critical infrastructure, Ms. DeNardis writes anyone who connects to the internet for things like email can take steps to help reduce cyber risk. This includes using complex passwords, using multi-factor authentication, keeping software up-to-date, never using unsecured Wi-Fi networks, and using a virtual private network.