THE world got a costly reminder of the risks of interconnected networks after cybersecurity firm Crowdstrike issued an update of its software for Windows operating systems that crippled business globally. The company responded quickly, issuing a fix and distributing it, but the damage was done as servers around the world went down, halting banking operations and travel services.

What is Crowdstrike? According to its website, Crowdstrike is an AI native provider in next-generation endpoint protection, threat intelligence and response services.

The problem arose with an update to the company's Falcon sensor that resulted in the always unwelcome "blue screen of death" on Windows computers that had the protective software installed. The company was quick to issue a statement that its customers were not subject to a malware attack or cybersecurity failure, but an issue with an automatically delivered update to its protective software.

Unfortunately, there are thousands of computers deployed around the world which both need this level of continuous protection while providing automated services to customers across a range of public services.

Compounding the problem were systems that were encrypted, most commonly using BitLocker, which had to first be opened using a recovery key, an uncommonly long string of text. That required affected companies to deploy teams of IT staff to "touch" every encrypted PC affected by the update since remote updates no longer worked.

Those reassurances did little to stem a growing backlash against the company fuelled by customer dissatisfaction with delays, inability to access services and inconveniences that dragged on long after the fix had been deployed to the cybersecurity company's customers. The company's stock fell by more than ten per cent during the outage.

IT managers were likely to be lamenting being caught between the rock and the hard place of balancing the risks of delaying updates to working hardware with the risk of applying untested updates to the same systems. Of particular note is the heavy toll that the software bug took on transaction systems, easily breaking online commerce for hours.

The incident took time to remedy and TT's share of the problem was, evidently, limited and manageable. Affected local companies were quick to issue notes on the recovery of their systems. The Ministry of Digital Transformation issued a statement that there had been no significant impact on government services.

TT is as vulnerable as any other nation to the risks of both deliberately malicious code and poorly programmed official updates.

On July 16, the Caribbean chapter of the International Information System Security Certification Consortium was launched and every presenter echoed the same sentiment. This country needs more cybersecurity professionals. We need them qualified, employed and deployed.

The post An expensive update appeared first on Trinidad and Tobago Newsday.