July 30, 2024
4 Stocks to Buy After CrowdStrike Disaster
Dear Subscriber,
 |
| By Karen Riccio |
I’d love to be able to breathe a sigh of relief now that we know the cause of the “largest IT outage in history,” as experts describe the July 19 debacle.
I mean, the fact that neither a security issue nor savvy, AI-armed cybercriminals had anything to do with it should be comforting.
We should all be shouting from the rooftops that malice didn’t play any role in crashing 8.5 million devices running Microsoft (MSFT) Windows that day.
But, alas, the (alleged) root causes are even more disturbing: human error and a lack of proper testing.
Such “minor” missteps should have never upended that boatload of systems critical to the online operations of banks, hospitals, police forces, 9-1-1 emergency systems, major airlines, TV stations and government agencies as far away as Australia.
So far, the cost of canceling flights and delaying surgeries, the closure of courts and government offices, a stoppage of payment systems and so on has already reached $1.5 billion.
That’s a rolling count as some users still can’t access everyday apps or important data.
All of that because of bad code written by a developer for a routine software update from CrowdStrike (CRWD), the security firm blamed by most for the disaster.
Ironically, the update was for one of its main hack-sniffing security products (Falcon) used by Microsoft to protect Windows OS clients.
Ordinarily, a single glitch caused by human error isn’t the end of the world. That’s because best practices call for putting measures in place to identify troublesome software coding errors and fixing them.
And if an error slips through the cracks, standard testing would catch any before anyone pushes the “send” button and rolls out an update to an entire database.
There’s lots of questions about why Crowdstrike did not conduct customary testing on the code before releasing the update.
Experts say this error puts the company’s quality assurance procedures in question.
Not surprisingly, investors showed their disapproval, sending shares of CRWD down nearly 30% since before July 19 outage.
One-month CRWD price chart.
Click here to see full-sized image.
Coincidentally, one of the first data centers and cloud providers to feel the heat from the outage was Microsoft Azure. It offers services to on-premises facilities, allowing businesses to build and run hybrid applications.
Azure provides public and private data storage on the cloud. So does Alphabet (GOOGL), only on a larger scale.
The outages for Azure and Google explain why we saw so many large entities like banks and airlines go offline.
The Real Problem Exposed
in the CrowdStrike Disaster
This reliance on a small number of providers or technology for critical systems underscores the vulnerability single points of failure can cause.
This consolidation of cloud services over the years — a technology that allows consumers to store computer information in massive data centers rather than storing it on-site — only increases the odds of far-reaching outages .
Just three companies — Amazon (AMZN), Microsoft and Google — control 65% of the cloud market, according to a report by CloudZero.
Microsoft and CrowdStrike also dominate the end-point security market, which ensures cybersecurity for devices like desktops, laptops and mobile devices. As of 2023, the two companies controlled more than 30% of the market.
Both of these examples of consolidation allowed a simple error to spiral.
It would’ve taken so little time and effort to avoid this catastrophe. And while the bug was not malicious, the outage caught the attention of people with very ugly intentions.
As companies began the tedious and costly fix that involves manually rebooting computers one by one from safe mode, cybercriminals took little time to prey on the vulnerable.
In a follow-up blog post on the same day as the outage, Crowdstrike warned customers that it had identified a malicious file being sent around by hackers posing as a “quick fix” to the problem.
Bad actors were distributing a file named “crowdstrike-hotfix.zip” that included malware enabling hackers to remotely control or monitor users’ devices.
They were literally luring people impacted by the outage and taking advantage of their desperation to recover their computer systems quickly.
So, where do we go from here? Knowing that this event was completely avoidable isn’t much consolation.
The scariest part is the world’s utter reliance on a few technology giants and the complicated intertwining of networks, data and products.
One researcher at the University of Pennsylvania studying digital infrastructure says increased vulnerability is due to “the internet [is] becoming so centralized that we’re at the mercy of four or five big companies.”
Well, considering how slowly the wheels of regulation move, I don’t think the immediate fix involves a revamping of the tech ecosystem. In fact, Microsoft, as one of tech’s biggest spenders on lobbying lawmakers and regulators, already spent more than $5 million this year doing so.
Since total prevention is pretty much a pie-in-the-sky goal, companies that continue to rely on a small number of vendors to control a huge chunk of operations will remain vulnerable.
Instead, we’ll see companies place much more focus on the biggest protective mechanisms designed to minimize damages as a result of outages. That includes multiple backups of data and power (redundancy), disaster-recovery planning and risk management to minimize downtime.
This isn’t just a technical problem, it’s a business problem. And when bottom lines are negatively impacted, CEOs are the ones put under the C-suite microscope.
So, expect one of the more popular strategies, Disaster Recovery as a Service, or DRaaS, to balloon moving forward.
And the chart below from MarketsandMarkets illustrates the upward potential.
Companies that offer DRaaS solutions include colocation providers like Equinix (EQIX) and Iron Mountain (IRM). A company outside the mainstream in this arena to consider is Data Storage (DTST).
And the Procure Disaster Recovery Strategy ETF (FIXT) focuses on companies that provide disaster recovery services as a result of natural disasters.
This is one area worth your attention. Following the “largest IT outage in history,” this obscure niche industry will certainly garner many more eyes.
Best,
Karen Riccio
P.S. You might have noticed throughout all of this panic that the big chipmakers weren’t swept up like the cloud companies.
That’s because the top ones make managing damage from outages or preventing them from happening in the first place a top priority.
They are able to do that because of the giant rotation into “silent partners” that build in added security. Here’s how this pivot works and why you will want to be on the right side of it.
Tidak ada komentar:
Posting Komentar