CrowdStrike crash: Should UAE residents be wary of automatic IT updates?

Ordinary PC users can move on following the global IT meltdown last week but businesses and governments will have to start reviewing their backends and look at options to be safer, Dubai-based cybersecurity experts told Khaleej Times on Wednesday – less than a week after a software update by cybersecurity firm CrowdStrike affected nearly 8.5 million Microsoft devices worldwide.

“Residents should be personally more careful about scammers and cyberhackers,” noted Rayad Kamal Ayub, managing director of Rayad Group; and Irene Corpuz, GRC (Governance, Risk, and Compliance) and Cyber Policy Advisor based in Dubai. They both noted the massive tech failure that caused travel chaos and affected major industries around the world, was not a cyberattack.

In the UAE, some government services were among those hit by the cyber outage. Some flights and airport operations in the country were affected too, but the authorities’ swift response cushioned the impact.

Stay up to date with the latest news. Follow KT on WhatsApp Channels.

Two major concerns

Ayub, managing director of Rayad Group, noted, “most of the 8.5m devices affected by last week’s global IT outage are up and running. But there are two major concerns that must be highlighted following the CrowdStrike crash: First, the societal risks of industrial consolidation in the tech industry.”

“CrowdStrike is one of the largest companies in the cybersecurity market. Microsoft has a stranglehold on the business computing marketplace. Organisations run on Windows. If there are only a handful of large cybersecurity companies supplying and regularly updating millions of desktop corporate PCs, then there is an attractive potential for massive disruption,” he explained

Ayub continued: “Second major concern is that a single error by a single tech company can cause so much disruption. Imagine what a determined adversary could do?

This is what the SolarWinds hack did back in 2020, when US and worldwide government departments were affected, as well as corporations such as FireEye, Microsoft, Intel, Cisco and Deloitte.”

Changing view on cybersecurity

Ayub underscored “government authorities and business owners need to stop viewing cybersecurity services as merely a cost or expense but instead realise it as an essential investment in their entity’s future.”

On a brighter note, Ayub said: “Fortunately with technology advances we would be able to stop tech failures and businesses could take steps to secure data of the customers."

“The UAE government is extremely vigilant about its data and now the most critical data of residents are stored within the country with backups,” he added, noting: “Residents should be personally more careful about scammers and hackers. Think of them as modern-day highly skilled thieves who could break into your personal space.”

What happens now?

Irene Corpuz, who is also the founding partner and board member at Women in Cybersecurity Middle East, said: “Expect thorough investigations and remediation efforts to continue in the coming days.”

“While automatic updates are crucial, businesses must review their deployment processes. Users should not fear updates but should ensure proper testing and backup protocols,” she underscored.

• Flights resume after global IT crash wreaks havoc