Analysts believe the ripple effects of global IT upheaval caused by a failed update issued by CrowdStrike earlier this month could spread far and wide, telling Mobile World Live (MWL) one of the biggest issues is the outage highlighted what could happen in a successful cyberattack.

Experts from ABI Research, CCS Insight and Analysys Mason noted the outage raised questions of over-reliance on a single IT services provider along with a need for companies to rethink cloud strategies to bolster their resilience and avoid a repeat of an incident estimated to have impacted 8.5 million devices running Microsoft software globally.

In a research note, J Gold Associates president and principal analyst Jack Gold explained the machines affected cannot be fixed remotely and conservatively estimated the cost of having technicians reinstate them at $701 million.

ABI Research principal analyst Leo Gergs told MWL the CrowdStrike incident “showcased, in the most brutal and devastating way”, that global IT systems “are precariously perched on a knife’s edge”, regardless of how advanced they are.

He said the matter is a “stark reminder” that tech giants including Microsoft “are not immune to significant failures”, with a global impact “shaking the foundations of our digital lives”.

Quote Icon

Like a towering wave crashing against an unexpected reef, the impact sends tremors through the entire ocean.

Leo Gergs – principal analyst ABI Research

CCS Insight chief of Enterprise Research Bola Rotibi noted the outages highlight how highly integrated technology has become, but also how reliant the world is on Microsoft products.

Use of the US company’s products are now so widespread Rotibi believes it “should now be recognised as critical infrastructure for certain businesses and operations”.

Research CCS Insight conducted among senior business leaders in 2023 showed many companies’ business critical operations would be impacted within an hour of losing connectivity, but Rotibi noted such services “also rely on the strength of key validation services, such as the testing process, together with the level of oversight and management in place” regarding deployment of IT systems or updates to current infrastructure.

Rotibi argued it will become incumbent on client organisations to gain a better understanding of what they believe to be business critical compared with what actually is, which will provide “a clearer understanding of the risks involved so that they can then begin to truly question and review the products and systems they acquire from suppliers with a more appropriate risk assessment of third-party support”.

Stormy clouds
Gergs believes companies must go further by adopting a hybrid cloud strategy to provide a degree of resilience against future incidents.

He said the CrowdStrike problem is a “rude awakening” for enterprises which entrust all their digital assets to a single cloud provider, a strategy which can have “disastrous consequences when things go wrong”.

ABI Research estimates industrial enterprises alone generated 1.9 zettabytes of data in 2023, including “critical data essential for operations” spanning production and emergency shutdowns. “The failure of these systems can have dire consequences, even risking human lives”, Gergs said.

Quote Icon

The outage also casts a shadow over the reliability of public cloud services for mission-critical operations.

Leo Gergs – principal analyst ABI Research

Gergs said hybrid cloud models based on a combination of public and private elements offer companies a better balance along with “a safety net when the public cloud falters”.

He believes the credibility of centralised cloud services has taken a “severe” hit, “with businesses facing operational chaos, financial losses and tarnished reputations”.

“The economic impact could easily reach several billion US dollars in a single day, much like a devastating storm disrupting a calm sea.”

Companies are now likely to rethink digitalisation strategies, “spreading workloads across multiple providers and on-premises systems to enhance resilience”.

Analysys Mason director Oscar Birnbreier agreed the CrowdStrike incident is a “stark reminder that unforeseen incidents can occur at any time”, in turn “highlighting the critical importance for companies to be well-prepared”.

Quote Icon

Having robust processes and contingency plans in place is essential to mitigate potential risks and ensure business continuity.

Oscar Birnbreier – director Analysys Mason

Security and control
At the height of the outage, CrowdStrike CEO George Kurtz made it clear it was “not a security incident or cyberattack”.

Nevertheless, Gergs and Rotibi each noted the matter highlighted what could happen in the event of a successful mass cyberattack.

Rotibi said a successful cyberattack would have yielded “a similar type of fallout” to the “unfortunate lapse” in CrowdStrike’s update process. She said the company will ultimately be expected to “provide a transparent and comprehensive root cause analysis of what went wrong”, along with actions to mitigate the risk of it happening again.

Gergs explained the CrowdStrike incident “serves as a warning of the potential consequences of a malicious cyberattack, which is increasingly likely in our era of hybrid warfare”.

All three analysts believe the incident also highlights the need for regulation.

Birnbreier said the situation “underscores the value of regulatory frameworks designed to enhance resilience”.

“These regulations are not just bureaucratic hurdles, but are instrumental in fortifying the defences of organisations against a myriad of threats.”

Rotibi believes CrowdStrike’s efforts to rebuild trust and confidence will spur “a more honest dialogue between suppliers, third-party support providers and client customers”, ultimately increasing the commercial footprint of services and products.

“I suspect this will add another dimension to the customer experience models and solution set of many supplier’s advocates.”

Quote Icon

I am sure various regulatory bodies are going to have a field day with this and I don’t doubt it will have its chapter in the annals of disaster recovery case studies.

Bola Rotibi – chief of Enterprise Research CCS Insight

Gergs tipped the incident to boost the private edge computing sector, “as companies seek to decentralise processing and storage, bringing them closer to the data source”.

He also expects nations to step up efforts to deploy sovereign clouds to offer “additional security and integrity for enterprises critical data”.

“Significant investments, like AWS’ €7.8 billion investment in the AWS European Sovereign Cloud in Brandenburg, will become more common as we navigate these turbulent digital seas.”