Many companies are still recovering after Friday's global IT outage impacted retailers, banks - and even airlines.
Friday's update by cyber security firm CrowdStrike created technical problems for several major businesses, resulting in the company's value dropping by $20 billion.
Tech commentator Paul Spain says many companies will see the risks of putting all their IT in one basket - and attempt to rectify that.
LISTEN ABOVE
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:06):
You're listening to the Sunday Session podcast with Francesca Rudkin
from News Talks EDB Now.
Speaker 2 (00:13):
On Friday, the largest IT outage in history crippled the globe.
The issue was caused by an update to a piece
of software run by US cybersecurity firm CrowdStrike. Computers crashed,
canceling flights, disrupting retail operations and affecting services like Saint
John and Auckland Transport. The outage was not malicious, but
it was so widespread that CrowdStrike saw its value tumbled
(00:35):
by New Zealand twenty billion. Gorilla Technology CEO Antech commentator
Paul Spain joins me. Now, good morning, Paul, Good morning, Francesca.
Have we able to sort of narrow down how this occurred,
why this occurred?
Speaker 3 (00:49):
Well, what we have is a situation with cybersecurity software
that runs in a lot of organizations around the world
that is always trying to close the door on the
very latest cyber threats, and so part of the way
they do this is when they see new information online
and new threats, they update their software. So this is
(01:13):
happening on a continuous basis for the every single day,
multiple times a day, and what happened in this occasion
is they've done an update to try and protect everyone,
but the update wasn't tested well enough, it was faulty,
and it's just taken down these millions of computers around
the world. And unfortunately a lot of those computers that
(01:36):
were taken offline by this were ones that as a
general public we rely on for things, you know, like
our banking, like flights and so on. So you know,
it's had that huge widespread impact.
Speaker 2 (01:51):
Considering their updating daily, Paul, is it almost amazing this
hasn't happened before.
Speaker 3 (01:58):
Yeah, Look to some degree, you know, with a lot
of the other updates that we that we get, and
if you've got a smartphone or a computer, which is
most of us, we're quite used to this cycle of
updates coming through. But most of them there's there's enough
time to test and they don't hit everybody at you
(02:19):
at the same time. But with these particular updates, they're
very fast. So yeah, that is probably you know, reasonably
unusual across the different updates that we get. Is that
particular pace, and yeah, they really drop the ball big
time on this one.
Speaker 2 (02:35):
Is there a monopoly here that's made this issue so big.
Speaker 3 (02:41):
Look, crowds strike are a big and a dominant player.
And I guess you know, one of the one of
the lessons in here is that it's important to you know,
to have a range of vendors that we can we
can choose from and not having all eggs in one basket.
And and that's you know, sometimes been a common approach
(03:02):
for organizations is to try and SI fi and not
use too many, too many different companies to provide their
you know, their technology plumbing. And there's benefits to that,
and there's risks to it. And I guess you know
what we've seen here as as one of the risks.
Speaker 2 (03:21):
Could it have been worse, Yeah, potentially.
Speaker 3 (03:27):
It could have been, but yeah, this is certainly at
the at the worse end of the impact. And that
you know, so many millions of computers will have needed
IP technicians to get in front of them to fix
them up. So, you know, often when there's some sort
of software glitch that can be resolved with an update,
(03:51):
that just goes out automatically and you've had a little
bit of pain for a little while and then it's fixed.
But in a lot of cases, with this one, it
needs somebody sitting down maybe you know, in front of
a laptop, in front of a computer to fix it directly.
Although a lot of those sort of systems that run
the banks and run the airlines are able to be
managed in a centralized manner, and so you know, you've
(04:14):
had people sort of you know, working working through the
night and so on over over the last couple of nights,
you know, who have as individuals, have been able to
work through and address this on very large quantities of
server systems that that kind of you know, run these
important parts of the world and of the Internet.
Speaker 2 (04:34):
What are the wider consequences for this for the global
cybersecurity industry?
Speaker 3 (04:41):
Look, I think it leaves people feeling uncomfortable around around
you know, citt aspects of technology around cybersecurity. I imagine
what we're going to see as some pushback from organizations
around having updates come to them at the sort of
pace that that they have been and that in it
(05:05):
in itself is a real balancing act because if the
updates come to you slower, then potentially that increases the
chance that you will get hit by a malicious cyber attack.
So that's it's a fine, fine balance, but you know,
in this case, I think, you know, CrowdStrike really, you know,
has something to answer for. And you know, they definitely
(05:28):
need to make sure that they're doing more thorough testing
before they push these updates out. But yeah, I think
I think it leaves people feeling somewhat uncomfortable about relying
so much on technology too.
Speaker 2 (05:41):
Absolutely, I'm going to be using this, Paul as an excuse.
My children are always saying you're so slow, mum. Your
phone needs to be updated, your computer needs to be updated.
I'm just going to sit there now, go remember CrowdStrike,
do that.
Speaker 3 (05:54):
Brad J. Get the updates. They keep you safe. But
if you want to wait extra half an hour.
Speaker 2 (06:00):
Sure, So, just if you're a customer, if you're somebody
who been affected by this, you think you're doing the
right thing. You've got your cybersecurity software in place. Is
there anything else that you should be thinking about now
going forward?
Speaker 1 (06:15):
Going?
Speaker 2 (06:15):
Okay, if this thing happened again, or I was attacked,
what do I need to have in place? What should
I be thinking about?
Speaker 3 (06:22):
Look, you know, I think all of us need to
need to be upskilling and becoming aware of, you know what,
what the cyber risks and threats are and you know
those who have whether it's a small business or a
large business or where you know, wherever they sort of sit,
you know it when it comes to organizationally, their organization,
(06:43):
you know, should have plans of what are they going
to do for you know, all manner of things that
can that can go wrong, right, and we've done this
for decades business continuity planning. What happens if the Internet
goes down, what happens if this happens to our computers,
what happens if we have a cyber attack. But unfortunately
in New Zealand we have a pretty low standard when
(07:05):
it comes to airiness for cybersecurity issues, so we often
leave ourselves actually wide open and then that broader preparedness
for dealing with you know, the inevitable with technology risk
that at some times things are going to go wrong,
and so you know, this to me is it's a
bit of a wake up call to be more prepared
(07:28):
and to be more ready so that when things do
go wrong, you know we can be on the right
side of it.
Speaker 2 (07:33):
Paul, good to talk to you, and I promise I
shall go home this afternoon and run on my updates.
Speaker 3 (07:38):
Thank you.
Speaker 2 (07:40):
That was Paul Spain there, Gorilla Technology CEO and tech commentator.
Speaker 1 (07:45):
For more from the Sunday session with Francesca Rudkin, listen
live to news talks that'd be from nine am Sunday,
or follow the podcast on iHeartRadio
You're listening to the Sunday Session podcast with Francesca Rudkin
from News Talks EDB Now.
Speaker 2 (00:13):
On Friday, the largest IT outage in history crippled the globe.
The issue was caused by an update to a piece
of software run by US cybersecurity firm CrowdStrike. Computers crashed,
canceling flights, disrupting retail operations and affecting services like Saint
John and Auckland Transport. The outage was not malicious, but
it was so widespread that CrowdStrike saw its value tumbled
(00:35):
by New Zealand twenty billion. Gorilla Technology CEO Antech commentator
Paul Spain joins me. Now, good morning, Paul, Good morning, Francesca.
Have we able to sort of narrow down how this occurred,
why this occurred?
Speaker 3 (00:49):
Well, what we have is a situation with cybersecurity software
that runs in a lot of organizations around the world
that is always trying to close the door on the
very latest cyber threats, and so part of the way
they do this is when they see new information online
and new threats, they update their software. So this is
(01:13):
happening on a continuous basis for the every single day,
multiple times a day, and what happened in this occasion
is they've done an update to try and protect everyone,
but the update wasn't tested well enough, it was faulty,
and it's just taken down these millions of computers around
the world. And unfortunately a lot of those computers that
(01:36):
were taken offline by this were ones that as a
general public we rely on for things, you know, like
our banking, like flights and so on. So you know,
it's had that huge widespread impact.
Speaker 2 (01:51):
Considering their updating daily, Paul, is it almost amazing this
hasn't happened before.
Speaker 3 (01:58):
Yeah, Look to some degree, you know, with a lot
of the other updates that we that we get, and
if you've got a smartphone or a computer, which is
most of us, we're quite used to this cycle of
updates coming through. But most of them there's there's enough
time to test and they don't hit everybody at you
(02:19):
at the same time. But with these particular updates, they're
very fast. So yeah, that is probably you know, reasonably
unusual across the different updates that we get. Is that
particular pace, and yeah, they really drop the ball big
time on this one.
Speaker 2 (02:35):
Is there a monopoly here that's made this issue so big.
Speaker 3 (02:41):
Look, crowds strike are a big and a dominant player.
And I guess you know, one of the one of
the lessons in here is that it's important to you know,
to have a range of vendors that we can we
can choose from and not having all eggs in one basket.
And and that's you know, sometimes been a common approach
(03:02):
for organizations is to try and SI fi and not
use too many, too many different companies to provide their
you know, their technology plumbing. And there's benefits to that,
and there's risks to it. And I guess you know
what we've seen here as as one of the risks.
Speaker 2 (03:21):
Could it have been worse, Yeah, potentially.
Speaker 3 (03:27):
It could have been, but yeah, this is certainly at
the at the worse end of the impact. And that
you know, so many millions of computers will have needed
IP technicians to get in front of them to fix
them up. So, you know, often when there's some sort
of software glitch that can be resolved with an update,
(03:51):
that just goes out automatically and you've had a little
bit of pain for a little while and then it's fixed.
But in a lot of cases, with this one, it
needs somebody sitting down maybe you know, in front of
a laptop, in front of a computer to fix it directly.
Although a lot of those sort of systems that run
the banks and run the airlines are able to be
managed in a centralized manner, and so you know, you've
(04:14):
had people sort of you know, working working through the
night and so on over over the last couple of nights,
you know, who have as individuals, have been able to
work through and address this on very large quantities of
server systems that that kind of you know, run these
important parts of the world and of the Internet.
Speaker 2 (04:34):
What are the wider consequences for this for the global
cybersecurity industry?
Speaker 3 (04:41):
Look, I think it leaves people feeling uncomfortable around around
you know, citt aspects of technology around cybersecurity. I imagine
what we're going to see as some pushback from organizations
around having updates come to them at the sort of
pace that that they have been and that in it
(05:05):
in itself is a real balancing act because if the
updates come to you slower, then potentially that increases the
chance that you will get hit by a malicious cyber attack.
So that's it's a fine, fine balance, but you know,
in this case, I think, you know, CrowdStrike really, you know,
has something to answer for. And you know, they definitely
(05:28):
need to make sure that they're doing more thorough testing
before they push these updates out. But yeah, I think
I think it leaves people feeling somewhat uncomfortable about relying
so much on technology too.
Speaker 2 (05:41):
Absolutely, I'm going to be using this, Paul as an excuse.
My children are always saying you're so slow, mum. Your
phone needs to be updated, your computer needs to be updated.
I'm just going to sit there now, go remember CrowdStrike,
do that.
Speaker 3 (05:54):
Brad J. Get the updates. They keep you safe. But
if you want to wait extra half an hour.
Speaker 2 (06:00):
Sure, So, just if you're a customer, if you're somebody
who been affected by this, you think you're doing the
right thing. You've got your cybersecurity software in place. Is
there anything else that you should be thinking about now
going forward?
Speaker 1 (06:15):
Going?
Speaker 2 (06:15):
Okay, if this thing happened again, or I was attacked,
what do I need to have in place? What should
I be thinking about?
Speaker 3 (06:22):
Look, you know, I think all of us need to
need to be upskilling and becoming aware of, you know what,
what the cyber risks and threats are and you know
those who have whether it's a small business or a
large business or where you know, wherever they sort of sit,
you know it when it comes to organizationally, their organization,
(06:43):
you know, should have plans of what are they going
to do for you know, all manner of things that
can that can go wrong, right, and we've done this
for decades business continuity planning. What happens if the Internet
goes down, what happens if this happens to our computers,
what happens if we have a cyber attack. But unfortunately
in New Zealand we have a pretty low standard when
(07:05):
it comes to airiness for cybersecurity issues, so we often
leave ourselves actually wide open and then that broader preparedness
for dealing with you know, the inevitable with technology risk
that at some times things are going to go wrong,
and so you know, this to me is it's a
bit of a wake up call to be more prepared
(07:28):
and to be more ready so that when things do
go wrong, you know we can be on the right
side of it.
Speaker 2 (07:33):
Paul, good to talk to you, and I promise I
shall go home this afternoon and run on my updates.
Speaker 3 (07:38):
Thank you.
Speaker 2 (07:40):
That was Paul Spain there, Gorilla Technology CEO and tech commentator.
Speaker 1 (07:45):
For more from the Sunday session with Francesca Rudkin, listen
live to news talks that'd be from nine am Sunday,
or follow the podcast on iHeartRadio
Popular Podcasts
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.