Newswise — A West Virginia University cybersecurity expert says the recent worldwide technology outage that grounded flights and disrupted hospitals, banks, businesses and governments should serve as a warning that society cannot rely solely on Microsoft or similar platforms for day-to-day operations.
A faulty Microsoft software update from CrowdStrike, a cybersecurity firm used by more than half of all Fortune 500 companies, sent systems into a tailspin on July 19.
Christopher Ramezan, assistant professor of management information systems and cybersecurity in the WVU John Chambers College of Business and Economics, said the outage revived his concerns of overdependence on a small number of software platforms and companies while also reinforcing his belief in the importance of information technology fundamentals being taught in colleges.
Quotes:
“Incidents like the CrowdStrike outage can be eye-opening on how reliant we are on a handful of software platforms and companies which dominate so much of our critical infrastructure. A simple bad software update can affect so many disparate systems and industries, from airlines to hospitals. Think about how dependent we are on Microsoft systems within corporate America, even the world. If you can’t boot your Windows operating system, you have a huge problem.
“What happens when you can’t get to Google? Google had a major outage affecting their services back in 2020 and, again, it caused a tremendous amount of disruption across numerous sectors. Major tech companies offer so many professional, enterprise-grade services these days which have been embedded and intertwined into our daily lives. When they are suddenly unavailable, the disruption is massive.
“This also places a tremendous amount of responsibility on the tech companies and vendors, as small configurations and changes can lead to massive outages. When thinking about critical infrastructure, we often think of power grids or water treatment facilities. People often forget that information technology is a critical infrastructure sector. Our daily lives are surrounded by enterprise IT systems. Outages like this really underscore the critical nature of these systems.
“This may cause some businesses and organizations to take a step back and reassess their risk posture when it comes to some of these large services and determine alternative plans to maintain continuity of operations and organizational resilience in future outages. To me, it’s not a matter of if, but when future outages occur. Businesses and organizations should plan accordingly. Accidents and incidents happen.
“Why I found this incident to be particularly interesting is that it highlights the importance of information technology teams and systems administrators for providing incident response and business continuity in the face of such widespread outages. In academia and industry, sometimes we overemphasize teaching students about the latest concepts and technologies like ‘cloud’ or ‘zero trust’ or ‘generative AI’ and forget about the importance of IT and system administration fundamentals.
“IT support teams and system administrators were the ones on the frontlines attempting to troubleshoot solutions and restore operations. It’s ironic that we sometimes place so much focus on guarding against advanced cyberthreats and incidents, when just a simple bad update or configuration error can cause as much disruption as a large-scale cyberattack. To me, this highlights that teaching systems administration and IT fundamentals remains critical for any cybersecurity, IT or information systems student to better understand how to improve organizational resilience and provide business continuity in the face of future vendor outages.” — Christopher Ramezan, assistant professor, management information systems and cybersecurity, WVU John Chambers College of Business and Economics