#215 CrowdStrike Outage Exposes Cybersecurity Flaws

The CrowdStrike outage over the weekend exposed major flaws in our approach to cybersecurity, software engineering, and system architecture. Darren is joined by returning guest Matthew Pulsipher to discuss the implications of this weekend's events.


In today's digital age, cybersecurity is not just a growing concern, it's an urgent and constant battle. Recent incidents like the CrowdStrike mishap serve as stark reminders of the immense implications of cybersecurity. This all-important subject was recently dissected on our highly insightful podcast 'Embracing Digital Transformation', where the vulnerabilities of our current systems and potential cybersecurity solutions were scrutinized.

**The Achilles Heel of Client Computers**

The conversation could have spent more time addressing one significant issue: the treacherous shores of client computer systems. While the centralized nature of server computers allows for stringent protection, client computers need to be more robust due to fragmented management and increased device variability. The podcast hosts underlined the pitfalls of general-purpose systems, exemplified by complete desktop systems running at airport check-ins. Ostensibly for a singular use case, these flexible systems present an attractive target for cyber threats.

While it would be ideal to lock down such machines, the podcast suggested a reason not to do so: system and infrastructure consistency. Consistency is crucial for cost efficiency, effective training, and quality control.

**The Apple Advantage**

The next riveting point of discussion was the resilience of the Apple iOS system. The hope for superior security does exist, as exemplified by Apple, which steered clear of the recent CrowdStrike debacle. Apple’s defense mechanism lies in its restriction on kernel-mode drivers, which raises the security bar on its system. Achieving kernel accessibility is possible, but it triggers compliance alarms that deter users. This additional barrier offers superior protection.

However, the silver lining is that this model isn’t exclusive to Apple devices. Computers sticking to singular apps, like airline check-in systems, could strategically adopt these principles. Corporations could also learn from Android's security models, though manufacturers' responsibility for security updates is a crucial drawback.

**Zero Trust: An Effective Paradigm Shift**

The ever-evolving landscape of cyber threats has made the principle of zero trust increasingly important. Zero trust is based on the concept of not automatically trusting any user or device, even if they are inside the corporate network. This approach has gained traction as organizations seek to bolster their security measures.

Legacy operating systems like Windows are facing challenges due to technical debt, which hinders swift updates and improvements. In contrast, more agile smartphone operating systems are able to adapt and update more quickly, potentially offering better protection from emerging cyber threats.

**Regulating Future Actions**

The conversation concluded with a contemplation of future regulatory measures. The hope for systemic change lies in an overhaul of dated system architectures. However, the idea of softening overly strict interpretations of compliance rules and focusing more on practical security was touted as the better way forward, emphasizing the need for change.

In a nutshell, our latest podcast discussion was not just a wake-up call to the realities of today’s cybersecurity threats, but also a beacon of hope. We pointed towards potential solutions, offering a roadmap for navigating this digital age safely without compromising innovation. It's worth a listen for anyone interested in cybersecurity.

