From airlines to banks to car dealerships, a string of outages or cyberattacks in recent months left the public dealing with difficulty accessing services for days on end.
Cybersecurity experts say it should serve as a “wake-up call” in terms of our reliance on big tech — sometimes on single brands that play a central role in how businesses operate.
Just under two weeks ago, thousands of flights were cancelled, delays were seen at hospitals and banks in some countries saw payment systems affected as cybersecurity firm CrowdStrike said a problem occurred with a faulty update, which they said this past Thursday was due to a bug in the firm’s quality control mechanism.
Customers of many North American car dealerships also faced difficulty signing a new loan or filling out other paperwork after CDK Global, which provides key software, was the victim of a cyberattack late last month that shut down its commonly-used system for days.
Levent Ertaul, cybersecurity professor at California State University East Bay, told Global News impacts like this show the vulnerabilities faced when one system or software becomes a default.
“In one day, we saw that the impact of one single error on the very fundamentals of global economy,” he said. “It showed us how dependent we are to those technologies, also how vulnerable we are … against those one single errors.”
CrowdStrike’s update impacted many computers utilizing Windows, which, when the update was pushed, led to the ever-dreaded “blue screen of death” showing up on computer screens.
Get daily news
Delta Air Lines, which saw some of the worst cancellations, returned to “operational reliability” on Thursday, but still faces an investigation by the U.S. Department of Transportation which said it was ensuring the company was following the law and taking care of passengers amid the disruptions.
Lisa Plaggemier, executive director of the National Cybersecurity Alliance, said in an interview that it shows that while technology has advanced, it’s still in its “infancy.”
“We’re dealing with an internet that was never designed to be secure,” she said. “We’re dealing with a lot of software and systems that were not designed to be secure or to be resilient in the face of human error, or to prevent human error.”
Companies need to have business continuity plans in place, she said.
This can include what some car dealerships did during the CDK incident — switching to pen and paper — to keep the business running just as would be done if a power outage or natural disaster struck.
Depending on the technology you’re relying on, there may not be another system they can utilize.
For example, the update sent out through CrowdStrike was done through Windows, meaning it likely wasn’t something companies could just switch to a Mac or Linux system to continue operating.
Javad Abed, professor of information systems at Johns Hopkins University, told Global News it’s even more key to the need for backups — especially in terms of cybersecurity.
“When you spend millions of dollars, now you’re preventing a crisis in future that can cause serious problems for different sectors, the reputational damage, the huge financial loss as well,” he said. “Maybe using the other vendors, alternative systems that immediately switch to them is more expensive, but it is necessary.”
Alex Hamerstone, advisory solutions director for TrustedSec, said when looking at either situation, whether it’s an effort by hackers, an outage from human error or even because of weather, the outcome is often the same.
“If lightning takes out a transformer or some part of the grid, it shows you what happens when that part of the grid is gone, which is the same effect you would have if a hacker had done it,” he said.
“It’s showing that we have these dependencies that can be exploited, whether it’s through error or whether it’s through human action.”