Confess. Like many, you were likely unaware of CrowdStrike's existence until a software update mishap catapulted the obscure cybersecurity firm into the limelight. Naturally, when such an error causes a global disruption of computers and businesses, it garners widespread attention.
Law firms, like many other businesses, were not immune from the impact. According to Law.com, “The impacts on law firms have been varied, with one Am Law 200 CEO on the West Coast indicating that the firm’s servers were back online, albeit with some isolated outages remaining, and another Am Law 100 executive describing issues with delays in emails and document management systems.”
Even if law firms were able to conduct business, many of the industries with whom they work or rely on were impacted or even shut down temporarily, including:
- Airlines. Major airlines, including Delta, United and American, experienced significant disruptions. More than 2,000 flights were canceled, and countless more were delayed because of the outage.
- Banks. Financial institutions were among those hard-hit by the update error, leading to delays and security concerns.
- Hospitals and emergency services. Hospitals and medical services faced significant operational challenges. The outage led to cancellations of elective surgeries and delayed medical appointments.
- Businesses. Numerous businesses that rely on Microsoft services experienced outages, ranging from retail to manufacturing, and caused operational disruptions.
- Government agencies. Government agencies that use Microsoft services for their operations were impacted, disrupting e-filing, public services and administrative functions.
- General IT infrastructure. The error affected approximately 8.5 million devices running Microsoft Windows, according to the software giant.
We have all done software updates, ranging from the frequent Microsoft Windows updates to the apps we install on our smartphones. It seems that, whenever we do updates, there is always some trepidation. Will it work, or will it turn your computer into a brick? Essentially, the CrowdStrike error caused the “blue screen of death” (BSOD) on computers and servers, and it happened to major businesses all over the world, literally at once.
What Is CrowdStrike, and What Happened?
Founded in 2011, CrowdStrike operates in over 170 countries, has about 29,000 customers and reported more than $900 million in revenue for the quarter that ended in April, according to Reuters. CrowdStrike not only provides security software to industries, but it also investigates hacks and tracks hackers. In short, the company is huge; it focuses on cybersecurity, and its software is installed on major computers everywhere.
CrowdStrike’s primary software product is called Falcon. It is a comprehensive cybersecurity platform designed to provide advanced threat detection, prevention and response capabilities.
Falcon features threat detection, threat prevention and antivirus protection, all designed to prevent known and unknown threats in real time. It also protects against malware, ransomware and other advanced threats. Its threat intelligence protection is designed to identify threats and provide customers with tools to protect against emerging threats. In short, if you are not using CrowdStrike, you can be sure that the companies you deal with are.
Why Did the CrowdStrike Outage Happen?
A statement from CrowdStrike said the outage was caused by a defect in a content update to its Falcon cybersecurity defense software for Windows hosts. Computers with Mac and Linux operating systems were not impacted, and CrowdStrike said a cyberattack did not cause the incident.
In short, what really happened was relatively simple. CrowdStrike deployed an update to its customers. The customers installed the updates. The updates apparently had one line in the code that was wrong. The result was simultaneous BSOD all over the world and a crashing halt to a slew of businesses everywhere.
What Are Some of the Implications of the CrowdStrike Incident for Lawyers?
The CrowdStrike update error serves as a stark reminder of the vulnerabilities in our digital world. For law firms and lawyers, understanding these impacts is crucial for advising clients on risk management and mitigating similar disruptions in the future and for understanding our interconnected world. With law firms increasingly relying on sophisticated cybersecurity solutions to protect sensitive client information and maintain operational integrity, the impact of the incident is profound.
There are many implications of the CrowdStrike update error for law firms and lawyers. CrowdStrike has many law firm clients, and it is safe to say that, with its reach, lawyers all deal with firms that have their software. On its website, it touts its services for “Law Firms and Insurance,” which enables the company to “[r]espond to a breach with speed and precision and reduce the cost of cyber claims with CrowdStrike Incident Response and Advisory Services.”
Government cybersecurity agencies around the world are alerting businesses and individuals about new phishing schemes that involve malicious actors posing as CrowdStrike employees or other tech specialists offering to assist those recovering from the outage.