I feel we’ll be talking about Crowdstrike for a bit longer.
CrowdStrike has engaged two external security firms to review its Falcon threat-detection suite following a global IT outage caused by a flawed update. The root cause was identified as a mismatch in input parameters during the deployment of new detection capabilities, which led to a system crash. CrowdStrike has since updated its content compiler to ensure correct parameter counts and added runtime bounds checking to prevent future issues.
CrowdStrike attempted to restore its reputation at the Black Hat cybersecurity conference by distributing action figures and T-shirts while expressing gratitude to attendees. Despite the disruption affecting millions and prompting mixed reactions from cybersecurity professionals, many attendees supported the company, citing its effective remediation efforts.
CrowdStrike accepted the “Most Epic Fail” award at the DEF CON hacking show for a major IT outage caused by a faulty security update that affected millions of devices. President Michael Sentonas emphasized the importance of owning one’s mistakes and plans to display the award at the company’s headquarters.
And related, Microsoft responded to Delta Air Lines’ claims regarding the massive IT outage that led to thousands of flight cancellations, accusing Delta of not modernizing its technology. Delta’s CEO stated the airline is seeking damages from Microsoft and CrowdStrike for the disruptions, which reportedly cost around $500 million. Microsoft offered assistance during the outage, but Delta declined help, citing reliance on other technology providers.
CrowdStrike responded as well, expressing disappointment over Delta’s claims of gross negligence related to a recent IT outage, asserting that it acted swiftly to assist Delta. CrowdStrike’s legal counsel emphasized that Delta would need to justify its delayed recovery compared to competitors and its refusal of offered support.
And at the same time, Microsoft has mandated that all employees prioritize security as a core value, emphasizing its importance in protecting customers from cyber threats. A new “Security Core Priority” will be integrated into employee evaluations, holding everyone accountable for security measures. This initiative aims to foster a security-first mindset across the company, impacting career progression and rewards as Microsoft seeks to enhance its defenses against sophisticated cyberattacks.
Crowdstrike is doing the user repentance tour. Owning your mistakes and showing course corrections are good. I’m a bit less sure about T-Shirts and action figures, and would rather see some financial responsibility for mistakes, but that’s just me. And Delta… although if Delta turned down help, that doesn’t look good, and if they have outdated systems themselves, they stand some responsibility. I look forward to learning more as the cases progress.

