- author, Zoe Kleinman
- role, Technology Editor
-
As the global chaos subsides and systems begin to come back online, the massive IT outage that wreaked havoc around the world on Friday is revealing some uncomfortable truths about the foundations of our digital lives — and just how fragile they are.
The outage showed that even a platform from a giant like Microsoft, which is well-funded and invests heavily in robust system security, can be brought down by an accidental error in a software update issued by an independent cybersecurity firm. The impact could be devastating, because Microsoft-powered computers are at the core of much of our technology infrastructure.
It reveals how dependent we are on that infrastructure and, as a result, how helpless we are when problems beyond our control occur.
At the end of the day, when these systems falter, there is nothing you or I can do.
Yesterday I saw an IT expert on TV giving advice to people caught in this storm: “Be patient.” Patience was probably an emotion many of us hadn’t felt at the time, but honestly, for most of us it was the only course of action possible.
Owen Sayers wrote in Computer Weekly that the outage also illustrates “the enormous risks we face when we put all our eggs in one giant global basket.”
He was referring to the vast majority of companies, services and people that rely on a single IT provider, which is easy and convenient, but also means that there is no alternative if something suddenly goes wrong with that provider.
There’s an old saying that convenience is the enemy of security, and this is the biggest example of that I’ve ever seen.
As consumers, it’s hard to escape this grip. When you shop in a store and pay with your card or mobile phone, you’re relying on someone else’s technology to smoothly process your transaction. It’s becoming less and less likely that you’ll have no choice: Many businesses are no longer accepting physical cash at all.
For small businesses, budgets are tight.
“In some cases, the choice of a single vendor comes down to cost,” says Alina Timofeeva of IT research institute BCS.
“The reason is that the vendor is so large and powerful that companies don’t anticipate the possibility of it going down.”
This makes sense, but is more small IT providers the solution?
With fewer people relying on a system, you might not experience a massive, seismic outage, but you’d have multiple systems with multiple potential weak spots that could make them easier to hack.
What happened on Friday was not a cyberattack, and Microsoft was quick to point out that the outage was not its fault, but questions clearly remain about how cybersecurity firm CrowdStrike’s disastrous Falcon update managed to slip through the net.
“There are going to be people at CrowdStrike who are now in big trouble for not getting this right,” said Victoria Baines, a professor at Gresham College in London.
“And there will be a lot of people working this weekend.”
