What the Last 20 Years Tell Us About the Future of Cybersecurity
The past two decades have seen an unprecedented evolution in the cybersecurity landscape. From the early days of widespread viruses and worms such as Conficker, through the Heartbleed vulnerability and the WannaCry ransomware outbreak, to sophisticated state-sponsored operations such as Stuxnet and the SolarWinds supply-chain compromise, the trajectory has been clear: cyber threats are becoming more complex, more frequent and more impactful.
The Lessons from CrowdStrike
The recent global outage caused by CrowdStrike's security platform underscores a critical lesson: even the most advanced cybersecurity solutions are not infallible. This outage could perhaps have been avoided if lessons had been learned from a similar incident on their Linux-based clients (June 24). Unfortunately, CrowdStrike's fast-paced culture struck again, this time hitting Windows-based systems hard, and again because of inadequate release and testing processes.
Much of the global press misattributed the issue to Microsoft, but the root cause lies deeper, starting with the sensor's kernel driver being allowed to run in ring 0. Why? Because we want performance. The original Windows NT design kept more of the system out of kernel mode (notably the graphics subsystem and its drivers) so that a fault in that code could not take the whole machine down with a blue screen; the compromise came with NT4, which moved that code into the kernel for speed and relied instead on controls such as driver signing, validation testing and memory protection. Code running in ring 0 has no safety net: an unhandled fault there halts the whole system rather than a single process, which is exactly why the testing bar for anything that reaches the kernel has to be so high. In my view it is somewhat negligent that CrowdStrike failed to meet that bar, and that it was allowed to.
As architects and IT managers we bear responsibility too: for relying too heavily on a single tool, and for not insisting on evidence of adequate testing from the supplier.
CrowdStrike marketed itself on rapid threat detection and mitigation, a necessity in the face of zero-day vulnerabilities. It provided a formidable shield, hard for penetration testers to evade and leaving systems almost impregnable. The bigger picture, however, is that our reliance on such tools must be balanced with diversity and resilience if we are to keep to a defence-in-depth approach. Here we sacrificed depth for pace, and this is the time to look at that again.
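As an added illustration (the editor's own, not part of the original article and not CrowdStrike's or anyone else's actual release tooling), the Python below sketches the release control the lesson above calls for: an update goes out ring by ring, each ring soaks long enough to report back, and the rollout halts automatically when the crash rate in a ring exceeds a threshold. The ring sizes, host names, 1% threshold and the telemetry source are all constructed assumptions.

```python
"""Ring-based rollout with a crash-rate gate (added illustrative example).

This is not CrowdStrike's or Microsoft's release tooling. Ring sizes, host
names, the 1% threshold and the telemetry source are constructed assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Ring:
    name: str
    hosts: list[str]


@dataclass
class Rollout:
    deployed: list[str] = field(default_factory=list)  # hosts that received the update
    halted_at: Optional[str] = None                    # ring where the gate tripped
    reason: str = ""


def crash_rate(hosts: list[str], telemetry: dict[str, str]) -> float:
    """Fraction of hosts reporting a crash. A host with no telemetry counts as
    crashed: a machine stuck in a boot loop never checks back in."""
    if not hosts:
        return 0.0
    crashed = sum(1 for h in hosts if telemetry.get(h, "crash") == "crash")
    return crashed / len(hosts)


def staged_rollout(rings: list[Ring],
                   collect_telemetry: Callable[[list[str]], dict[str, str]],
                   max_crash_rate: float = 0.01) -> Rollout:
    """Push the update one ring at a time. Each ring soaks and reports back
    before the next, wider ring receives anything; the first ring whose crash
    rate exceeds the threshold halts the rollout."""
    result = Rollout()
    for ring in rings:
        result.deployed.extend(ring.hosts)
        rate = crash_rate(ring.hosts, collect_telemetry(ring.hosts))
        if rate > max_crash_rate:
            result.halted_at = ring.name
            result.reason = f"crash rate {rate:.0%} in {ring.name} exceeds {max_crash_rate:.0%}"
            return result
    return result


def blast_radius(result: Rollout, rings: list[Ring]) -> float:
    """Share of the estate that received the update before the rollout stopped."""
    total = sum(len(r.hosts) for r in rings)
    return len(result.deployed) / total


# Constructed rings: vendor lab first, a small customer pilot, then everyone.
RINGS = [
    Ring("vendor-canary", [f"lab-{i}" for i in range(10)]),
    Ring("customer-pilot", [f"pilot-{i}" for i in range(100)]),
    Ring("fleet", [f"host-{i}" for i in range(10_000)]),
]


def make_telemetry(update_is_bad: bool) -> Callable[[list[str]], dict[str, str]]:
    """Constructed telemetry source: a bad update crashes every host it reaches."""
    def collect(hosts: list[str]) -> dict[str, str]:
        return {h: ("crash" if update_is_bad else "ok") for h in hosts}
    return collect


if __name__ == "__main__":
    bad = staged_rollout(RINGS, make_telemetry(update_is_bad=True))
    print(f"bad update: halted at {bad.halted_at} ({bad.reason}); "
          f"blast radius {blast_radius(bad, RINGS):.2%}")
    # The same bad update pushed to the whole estate in one go.
    everyone = [Ring("everyone", [h for r in RINGS for h in r.hosts])]
    flat = staged_rollout(everyone, make_telemetry(update_is_bad=True))
    print(f"unstaged push: blast radius {blast_radius(flat, everyone):.0%}")
```

The design point is the soak between rings: a gate that only looks at telemetry after the whole estate has been updated is not a gate. Treating silence as a crash matters too, because the hosts most worth hearing from after a bad kernel-level update are the ones that can no longer report.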
The many risks on the horizon
The CrowdStrike outage is a stark reminder of the risks ahead. Below I list some potential catastrophic failure scenarios we may face in future, and ask how ready we are for them. Yes, CrowdStrike's lack of testing was the cause, but could the same thing have happened with Microsoft's own Defender? Here are some other in-our-face catastrophes waiting for us:
1. Firmware Upgrades: Frequent and critical firmware updates increase the risk that a flawed update causes widespread hardware failures. A flawed or compromised microcode or platform firmware update for an entire x86 CPU family, delivered through a routine OS or firmware update, could leave machines unbootable at scale.
2. DNS Outages: The Domain Name System (DNS) is the backbone of the internet. Significant disruptions could render the internet largely inaccessible.
3. BGP Misconfigurations: The Border Gateway Protocol (BGP) routes data across the internet. Errors or malicious attacks could lead to large-scale internet outages.
4. Cloud Provider Failures: Major cloud providers like Azure and AWS host vast amounts of critical data and services. A major failure or attack could have a cascading effect on global internet services.
5. Solar Storms: Extreme solar weather can disrupt satellite communications, GPS, and power grids, leading to a multi-faceted global crisis.
6. Submarine Cable Attacks: Long stretches of unprotected cable on the seabed are a target for anyone who wants to cause disruption.
The Unseen Threats
While these risks are prominent, I also wanted to ask what is going to come from left field: the less obvious threats. Here are my top five obscure yet plausible catastrophic scenarios:
1. Quantum Computing Breakthroughs: A large enough quantum computer running Shor's algorithm would break today's public-key schemes (RSA, Diffie-Hellman and elliptic-curve cryptography), exposing everything protected by them, including data recorded today for decryption later. Symmetric ciphers such as AES-256 fare better: Grover's algorithm only halves their effective key length, so AES-256 keeps roughly 128 bits of security, whereas AES-128 drops to a level that is no longer comfortable.
2. AI-driven Autonomous Systems: AI could be weaponised to create self-learning, autonomous hacking systems that evolve faster than human defences can adapt.
3. Smart City Infrastructure Attacks: As cities become more interconnected, attacks on smart infrastructure could paralyse essential services, from traffic control to emergency response systems.
4. Biohacking and Synthetic Biology Threats: Convergence of cyber and bioengineering technologies could lead to cyberattacks on biotech facilities, creating harmful biological agents.
5. Global Software Supply Chain Attack: A large-scale supply chain attack could introduce vulnerabilities into widely-used software, potentially affecting millions of systems worldwide.
Single Supplier vs. Diverse Solutions
The CrowdStrike incident also raises questions about relying on a single cybersecurity supplier. Before choosing CrowdStrike, had we really weighed the pros and cons of a single supplier? We loved the simplified management and integration, the cost savings and the consistent security by policy, but at what cost?
The Road Ahead
Looking forward, the balance between performance and security remains critical. As quantum computing looms on the horizon, the transition to post-quantum cryptography will be essential and organisations should be preparing for this eventuality. Robust, multi-layered cybersecurity strategies incorporating diversity and resilience are more pressing than ever. The future of cybersecurity requires not just technological advancements but a fundamental shift in how we approach and manage our digital defences.
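To make the quantum risk concrete for both the quantum item in the "Unseen Threats" list and the post-quantum transition above, here is an added Python example (the editor's illustration, not code from the original article) that triages a cryptographic inventory: Shor's algorithm zeroes the strength of RSA, DH and elliptic-curve schemes, Grover's halves symmetric key lengths and hash preimage strength, and post-quantum schemes keep their claimed level. The sample inventory, the 128-bit floor and the convention that a post-quantum scheme's claimed level is recorded in the `bits` field are assumptions of the example.

```python
"""Quantum-risk triage of a cryptographic inventory (added illustrative example).

Two well-known results drive the scoring:
  * Shor's algorithm breaks RSA, finite-field DH and elliptic-curve schemes outright.
  * Grover's algorithm halves the effective key length of a symmetric cipher and
    the preimage strength of a hash, so AES-256 keeps ~128 bits while AES-128
    falls to ~64.
Post-quantum schemes (ML-KEM, ML-DSA, SLH-DSA) keep their claimed level.
The inventory and the 128-bit floor are constructed assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass

# Public-key schemes broken by Shor's algorithm.
SHOR_BROKEN = {"rsa", "dsa", "dh", "ecdh", "ecdhe", "ecdsa", "x25519", "ed25519"}
# Symmetric ciphers and hashes: Grover's algorithm halves effective strength.
GROVER_HALVED = {"aes", "chacha20", "sha256", "sha384", "sha3-256"}
# Post-quantum schemes: `bits` holds the claimed security level (assumption).
PQ_SAFE = {"ml-kem", "ml-dsa", "slh-dsa"}


@dataclass(frozen=True)
class Item:
    where: str  # asset or service using the primitive
    algo: str   # primitive name, lower-case
    bits: int   # key size, hash output size, or claimed PQ level


def quantum_strength(item: Item) -> int:
    """Effective security in bits against a cryptographically relevant quantum computer."""
    if item.algo in SHOR_BROKEN:
        return 0
    if item.algo in GROVER_HALVED:
        return item.bits // 2
    if item.algo in PQ_SAFE:
        return item.bits
    raise ValueError(f"unknown primitive {item.algo!r}")


def triage(inventory: list[Item], floor_bits: int = 128) -> list[tuple[Item, int, str]]:
    """Score every item and return (item, effective_bits, verdict), weakest first."""
    rows = []
    for item in inventory:
        eff = quantum_strength(item)
        if eff == 0:
            verdict = "replace: public-key scheme broken by Shor"
        elif eff < floor_bits:
            verdict = f"upgrade: only {eff} bits after Grover"
        else:
            verdict = "keep"
        rows.append((item, eff, verdict))
    rows.sort(key=lambda row: row[1])  # stable sort: weakest first, input order on ties
    return rows


# Constructed sample inventory.
SAMPLE_INVENTORY = [
    Item("web TLS cert", "rsa", 2048),
    Item("VPN key exchange", "x25519", 255),
    Item("backup encryption", "aes", 128),
    Item("disk encryption", "aes", 256),
    Item("integrity hashing", "sha256", 256),
    Item("pilot PQ key exchange", "ml-kem", 192),  # ML-KEM-768, NIST level 3
]

if __name__ == "__main__":
    for item, eff, verdict in triage(SAMPLE_INVENTORY):
        print(f"{item.where:24} {item.algo}-{item.bits:<5} {eff:>3} bits  {verdict}")
```

Run against a real estate, the output is a migration order: public-key material first (key exchange before signatures, since recorded traffic can be decrypted later), then any 128-bit symmetric keys, while AES-256 and SHA-256 stay where they are. Note that the scoring deliberately ignores key size for the Shor-broken schemes: a 4096-bit RSA key buys no meaningful time over a 2048-bit one against Shor's algorithm.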
The most notorious cyber groups often blur the line between financial motivation and nation-state backing. Continued spending on cybersecurity is essential; however, a knee-jerk reaction to replace CrowdStrike with another product will not help. We must learn from these incidents and build a more resilient and complete cybersecurity framework.