When your cybersecurity company, responsible for protecting against harmful malware, causes the largest global IT outage in history, you really have nowhere to hide. So Shawn Henry cuts right to the chase.
“We let you down on Friday, and I’m deeply sorry for that,” CrowdStrike’s chief security officer wrote at the beginning of the post.
Just hours before the end of the work week, an update rolled out from the cloud caused Windows-based computer systems to crash, boot and crash again in an infinite loop with nothing but the so-called BSOD, or “Blue Screen of Death.”
Critical industries around the world that use CrowdStrike’s Falcon software, such as airlines, banking and health care, were knocked out for hours or even days. Delta Air Lines is still struggling, canceling hundreds of flights on Monday, leaving passengers stranded for days.
This CrowdStrike outage was a nightmare. Imagine having to walk to every downed system and manually fix it. FDE is even worse.
I had flashbacks and reboot loops of Nimda, but this was worse. pic.twitter.com/qY5apjMBaU
— Tim Medin (@TimMedin) July 19, 2024
“To have all the confidence that we had built up over the years in little bits and pieces disappear in a matter of hours, it was a blow,” Henry continued. “We have failed those we work to protect, and to say we are devastated is a gross understatement.”
The sincere contrition expressed was a marked departure from the message from CEO and founder George Kurtz, whose stock has lost about a quarter of its value as investors await news of possible lawsuits.
Kurtz’s initial statement on Friday seemed so cautious that customers could be forgiven for thinking the problem might lie elsewhere. With no direct admission of CrowdStrike’s culpability, there wasn’t even a brief apology.
Not even an apology? A bold strategy.
— Tom Warren (@tomwarren) July 19, 2024
His reaction was a bit surprising. In theory, Kurtz should have some practice in crisis communications, as he served as McAfee’s chief technology officer when McAfee also brought down millions of computers around the world in 2010.
Now, U.S. House leaders are asking Kurtz to testify before Congress to explain why the software update failed.
The businesses most affected are those providing critical services
For some clients, his CSO’s words were too little, too late.
“We just removed Crowdstrike from all systems,” Elon Musk tweeted on Friday, though it was unclear whether he was referring to one of his businesses or all of them.
We just removed Crowdstrike from all systems so there is no rollout at all
— Elon Musk (@elonmusk) July 19, 2024
It’s difficult to accurately measure the damage his software company has done to the world in terms of lost economic output. Microsoft estimated that as of that day, only 8.5 million Windows devices (less than 1% of all computers) were affected. The problem is the concentration of industries that rely on CrowdStrike’s Falcon software.
“While the percentage is small, the broad economic and social impact reflects the use of CrowdStrike by enterprises running many critical services,” Microsoft said on Saturday.
Investors have since flocked to smaller rival SentinelOne, whose shares have risen more than 20% since Friday. CrowdStrike’s failure may also be a factor in why cybersecurity company Wiz is passing on an acquisition by Google parent Alphabet in a deal reportedly worth $23 billion.
After seeing the pullback in CrowdStrike, analysts at Deutsche Bank tried to rush out a brokerage report, viewing it as a short-term buying opportunity in such a high-quality stock.
“However,” it added, “ironically, we were unable to publish our original research due to the outage itself.”