Ordinary PC users can move on following the global IT meltdown last week but businesses and governments will have to start reviewing their backends and look at options to be safer, Dubai-based cybersecurity experts told Khaleej Times on Wednesday – less than a week after a software update by cybersecurity firm CrowdStrike affected nearly 8.5 million Microsoft devices worldwide.
“Residents should be personally more careful about scammers and cyberhackers,” noted Rayad Kamal Ayub, managing director of Rayad Group; and Irene Corpuz, GRC (Governance, Risk, and Compliance) and Cyber Policy Advisor based in Dubai. They both noted the massive tech failure that caused travel chaos and affected major industries around the world, was not a cyberattack.
In the UAE, some government services were among those hit by the cyber outage. Some flights and airport operations in the country were affected too, but the authorities’ swift response cushioned the impact.
Stay up to date with the latest news. Follow KT on WhatsApp Channels.
Two major concerns
Ayub, managing director of Rayad Group, noted, “most of the 8.5m devices affected by last week’s global IT outage are up and running. But there are two major concerns that must be highlighted following the CrowdStrike crash: First, the societal risks of industrial consolidation in the tech industry.”
“CrowdStrike is one of the largest companies in the cybersecurity market. Microsoft has a stranglehold on the business computing marketplace. Organisations run on Windows. If there are only a handful of large cybersecurity companies supplying and regularly updating millions of desktop corporate PCs, then there is an attractive potential for massive disruption,” he explained
Ayub continued: “Second major concern is that a single error by a single tech company can cause so much disruption. Imagine what a determined adversary could do?
This is what the SolarWinds hack did back in 2020, when US and worldwide government departments were affected, as well as corporations such as FireEye, Microsoft, Intel, Cisco and Deloitte.”
Changing view on cybersecurity
Ayub underscored “government authorities and business owners need to stop viewing cybersecurity services as merely a cost or expense but instead realise it as an essential investment in their entity’s future.”
On a brighter note, Ayub said: “Fortunately with technology advances we would be able to stop tech failures and businesses could take steps to secure data of the customers.”
“The UAE government is extremely vigilant about its data and now the most critical data of residents are stored within the country with backups,” he added, noting: “Residents should be personally more careful about scammers and hackers. Think of them as modern-day highly skilled thieves who could break into your personal space.”
What happens now?
Irene Corpuz, who is also the founding partner and board member at Women in Cybersecurity Middle East, said: “Expect thorough investigations and remediation efforts to continue in the coming days.”
“While automatic updates are crucial, businesses must review their deployment processes. Users should not fear updates but should ensure proper testing and backup protocols,” she underscored.
Corpuz noted the CrowdStrike meltdown has shown that even top security firms can have vulnerabilities – shaking their credibility and putting client data at risk.
“Right now, the priority is transparent and clear communication and quick fixes to regain the trust of clients and the industry,” she added.
Apply best practices
Corpuz shared the following tips to prevent any CrowdStrike meltdown from happening again:
- Still, apply the best practices. Use extensive pre-deployment testing, implement fail-safes and backup (and test that they work in a real situation of a disaster).
- Conduct security audits. If it happened with Crowdstrike it can possibly happen with any other systems. No one wants this kind of incident, let alone this type of global level impact. The key is to be resilient.
- In terms of cyberattack, we should be aware that it is not a question of ‘will we be attacked?’, but the correct question is ‘when will we be attacked, and how resilient are we to recover from the incident’?
- There should be transparency from the software providers themselves. There must be a thorough testing before deployment. This will be very resource intensive on the part of the companies but the end-users will be able to determine and decide whether the updates can be immediately accepted or a test on their own environment will have to be done before deploying.
- There has been a strong collaboration within the IT industry during last Friday’s incident. Sharing solutions and workarounds resolved the issue. Therefore, collaborating more and sharing insights to strengthen broader cybersecurity defences is important.