CrowdStrike still reputable, blowback will be short: Expert

A global tech disruption occurred for some users of Microsoft (MSFT) systems on Friday. One issue is a CrowdStrike (CRWD) update to some Windows devices that impacted operations across companies worldwide. Defused Cyber Deception Researcher and Founder Simo Kohonen joins to discuss the implications for CrowdStrike and the broader cybersecurity landscape.

Kohonen explains that CrowdStrike "pushed out a faulty update" that, when installed, "broke everything," affecting industries globally. He emphasizes CrowdStrike's reputation as the "top number one cybersecurity company in the world" and notes that their extensive customer base amplifies the scale of this issue. While the issue is fixable, he cautions that the timeline for resolving this problem may vary.

"From a very technical perspective, if you want to run this type of software which has a lot of capabilities, with great power comes great responsibility," Kohonen told Yahoo Finance. He adds, "I think CrowdStrike will have a lot of conversations with their current customers and their future customers about what they're doing differently. They might take a short-term hit from it, but they're still an extremely reputable vendor."

For more expert insight and the latest market action, click here to watch this full episode of Morning Brief.

This post was written by Angel Smith

Video Transcript

Let's talk a little bit more about the outages for that.

We want to bring in Simo Konnen.

He is diffused a cyber deception researcher and founder and diffuses a Finland based network security company.

So it's great to have you.

Thanks so much for hopping on with us here at the top of the hour, I think, first, just take a step back t tell our viewers what exactly went wrong and what's happening right now.

Well, yeah.

Um so one of the biggest cybersecurity vendors in the world, um seemed to have pushed out a faulty update which essentially when it was installed, it broke everything.

Um And that's why you're, you're seeing so many companies out there just completely knocked down to their knees.

Uh We're speaking of vendor here, crowdstrike who many, many hope to be the, the top number one cybersecurity company in the world.

They have about 70 of the 100 fortune 100 companies as customers.

I think over 250 of the Fortune 500.

Uh so the scale they have in, in their customer base is huge and that's, that's probably the biggest driver of the uh the issue at hand right now, what, what type of quality assurance tests to up like this updates like this go through typically before they even get pushed because it seems like this is something that maybe could have been avoided just to make sure that there was, you know, some compatibility with all of the different systems that are intertwined around what crowdstrike offers here.

Yeah, I mean, um, things happen, right.

The, the nature of the specific uh component that seem to have contained the uh faulty uh bits to it.

Uh It's something that sits in a very low level of, of the computer systems.

And so in these areas, like having one bite in the wrong direction can crush things.

Um I'm extremely sure, uh Crowdstrike has some very robust uh quality control testing routines, all of that sometimes Snus like this can happen even even, you know, regardless of, of whether they are running best practice.

Siva, how long does it take to correct something like this?

Uh It depends a bit.

I, I know it's, it's a, a bit of a, a master.

Uh but it depends very much on where the, the agent is running.

So if uh the, the user of the agent can easily run the update routine or revert to the previous version, uh which is a, a big, if, then it should be fairly straightforward.

Um I know some pro strike customers hadn't actually received the update yet.

So some dodged the, the bullet completely.

Um If it happens that they have to use, uh the manual routine, which was a fallback provided by crowdstrike for the situation.

Uh Again, depending on scale, it might take very long time, you know, between 5 to 10 minutes per, per system, uh to actually restart things.

And if you think about the scale of computer systems globally, you know, if you have to run this type of routine for AAA set of computers of, you know, in the scale of of thousands, then it can easily take quite quite a long time crowdstrike, Ceo George Kurtz, who is, who has spoken with Yahoo Finance on multiple occasions before making some media rounds this morning, apologizing for this mistake and for this outage, what type of kind of longer term impact do outages like this have in terms of new, new customers, net new customers that companies look to bring on to use their services like Crowdstrike is dependent on for their continued growth.

Well, I'm I'm very sure a lot of crowd strike competitors will, will jump on the occasion and, and you know, jump on the opportunity to take, take advantage of it.

But from from a very technical perspective, you know, if you want to run this type of software, which, which has a lot of capabilities, you know, with, with great power comes great responsibility, it, it will, you know, regardless of the vendor, it will require quite low level privileges to run.

Um, I think crowds strike will have a lot of, lot of conversations with, with their current customers and their future customers about what they're doing differently.

Uh, I think they might take a, a short term hit from it.

Uh, but they're still an extremely reputable vendor.

Uh, I'm very skeptical whether it will turn into a long term, uh, bad thing for them essentially, but real quick, we only have about 30 seconds here.

But is this is something like this almost unavoidable or is there a way to prevent something like this from happening again?

Well, on, on a long enough, uh, time scale, it's, it's, you could say that it's unavoidable, you know, mistakes happen and, and, uh, even though this looks like a basic one, sometimes we see things like this, I'm, I'm sure we won't see another one in the, in the next 10 years.