iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
CrowdStrike’s security chief has said that he and the company take 19 July’s cyber security patch failure personally.
Shawn Henry, CrowdStrike’s chief security officer and a former FBI agent, has released a statement following a disastrous CrowdStrike Falcon update that caused Windows PCs all over the world to crash last week, disrupting a raft of businesses and services.
“On Friday, we failed you, and for that, I’m deeply sorry. I’ve been in my professional life for almost 40 years, and my North Star has always been to ‘protect good people from bad things’,” Henry (pictured) said in a post on LinkedIn.
“For 24 years in the FBI, I was involved in hundreds of investigations and crises… terrorist incidents, mass shootings, computer intrusions, and kidnappings. Serving the citizens, safeguarding national security, and keeping people secure is something that’s defined my professional career.
“When I transitioned to CrowdStrike after retiring in 2012, it was an opportunity to continue the mission. Nation-state adversaries, organised crime groups, and hacktivists were ramping up their attacks on infrastructure, posing grave risk to the commercial and private sector.”
Henry then pointed to how his continuing drive to “to protect good people from bad things” came into play at CrowdStrike, noting the company’s work disrupting ransomware attacks, developing threat intelligence, and combating threat actors backed by nation-state organisations.
“We built a team and a culture which embodies the spirit of ‘one team, one fight’. We created a stellar reputation over a dozen years, solving people’s problems and protecting them from harm. I am as proud of my work at CrowdStrike as I was when I was at the FBI, because we’ve had an impact and we’ve made a difference,” Henry said.
“On Friday, though, we failed. The past two days have been the most challenging 48 hours for me over 12+ years. The confidence we built in drips over the years was lost in buckets within hours, and it was a gut punch.
“But this pales in comparison to the pain we’ve caused our customers and our partners. We let down the very people we committed to protect, and to say we’re devastated is a huge understatement.
“I, and the entire company, take that personally. Thousands of our team members have been working 24/7 to get our customer systems fully restored. The days have been long and the nights have been short, and that will continue for the immediate future. But that is part of the promise we made to all of you when you put your trust and protection in our hands.”
Henry praised “every customer and partner” who has been working to mediate the issue, calling them “the real heroes in all of this”.
“We are committed to re-earning your trust by delivering the protection you need to disrupt the adversaries targeting you. Despite this setback, the mission endures,” Henry said before quoting United States founding father John Adams – “Every problem is an opportunity in disguise.”
“Our promise to all of you is that CrowdStrike will use this opportunity to emerge better and stronger than ever, because it’s no less than every customer and partner expects and deserves. We commit to that,” Henry said.
The incident occurred on 19 July after cyber security firm CrowdStrike released an update to its Falcon endpoint security platform that caused Windows PCs to crash to a blue screen, unable to boot up again.
Numerous television networks were impacted, and airports and airlines around the world experienced shutdowns and other disruptions, while supermarkets and other retail outlets were forced to turn to cash or close entirely.
More than 8.5 million Windows PCs were impacted and taken offline, and recovery is expected to take some time, possibly weeks.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
