In any field, trust is important, but especially in banking and financial services. We trust that our cash is available by ATM or ACH or check. In last week’s CrowdStrike outage, a faulty software update took down airlines, stock exchanges and hospitals. CrowdStrike (CRWD) is an American cybersecurity technology company, which assists Microsoft (MSFT) and other corporations with antivirus software for its windows devices. The company sent an update for its Falcon Sensor software, which is designed to stop breaches using cloud technology, and this caused disruption to firms that used the product. It took hours to pull back the update to make Windows computers using Falcon to work. It was not a cybersecurity issue but according to experts, it was a problem with CrowdStrike not properly vetting the update before deploying.
The issue was widespread because there are only three main cloud providers (you may know the names): Microsoft, Amazon (AMZN) and Alphabet (GOOGL). If you hear Azure, that’s Microsoft, AWS is Amazon and Alphabet has Google Cloud. If you work with data on the cloud, it’s one of these three systems. With everyone’s data on one of three systems, it’s like too big to fail, only for technology.
Given the disruption on Friday, cloud systems will most likely change processes to avoid these types of failures in the future. Companies, especially CrowdStrike, will look at better release processes and backups. CrowdStrike’s Falcon is used by nearly all U.S. states and many global organizations. The full reset for companies, etc. may take weeks or months — giving a world-renowned cybersecurity firm a very large black eye.
Dependence on only three big cloud companies means they will always be targets for hackers. It is humorous that the very software, CrowdStrike’s Falcon, meant to keep software safe, took it down for hours. Falcon software is created to protect software from end user issues. That’s us plebeians.
The CrowdStrike issue was not a scam or hacker issue, but there are so many out there that it was the first thing people thought. The biggest thing you can do is be diligent for yourself and the company you work for to avoid problems.
If an email comes in that you are not sure about, call the person. Set up a safe word for your family so you can confirm that the person calling/emailing is who they say they are. Scams have gotten so good that phone numbers can be mimicked, and voices duplicated. It’s scary and will only get worse with AI.
If the person is using pressure and says there is a problem or a prize, it most likely will be a scam. If the person wants to be paid by gift card or cryptocurrency, it is most likely a scam. If you are uncertain, talk to someone you trust before acting. The FTC has information on how to avoid a scam. Cybersecurity is important and it also is important for us to be the first layer of protection.
All investing is subject to risk, including possible loss of the money you invest. Nothing in this article should be construed as investment or retirement advice. Always consult with a professional advisor and consider your risk tolerance and time to invest when making investment decisions. Review your personal situation with a professional before planning any gifting or estate planning.
