Explore our Topics:

Pogo on cybersecurity: We have met the enemy, and he is us

Phishing scares health IT leaders, but CrowdStrike software update flaw shows internal human error poses the greatest threat to operations.
By admin
Jul 22, 2024, 3:12 PM

What do Starbucks, Disney travel, and elective surgery have in common? You couldn’t get any of them during the recent CrowdStrike cybersecurity software update disaster.

Who would have thought that “zero trust” would pertain as much to your cybersecurity provider as it does to an officer worker clicking on a phishing email link. But today we learned that a phishing breach was not what brought down half the airline industry during some of the heaviest air travel periods in history.

It’s easy for a pundit to sit here and take potshots at one of the most reputable cybersecurity firms in the world. Should the update code have been thoroughly checked and rechecked for bugs before hitting the enter key?  Of course!

But what has become increasingly disturbing since the Change Healthcare breach is how metastatic these breaches or update errors are within and across industries around the world. To have the click of a software update engineer bring down huge amounts of computing around the world is frightening.

I had what I call a “fireside spat” this week on my Health Stealth Radio program with friend and former colleague Dave Moschella. He is co-author of the newly released book “Technology Fears and Scapegoats: 40 Myths about Privacy, Jobs, AI, and Today’s Innovation Economy.”

In our conversation, we debated whether AI would be the root cause of world cyber destruction and potentially control all nuclear armaments. In the spirit of the spat, I taunted him by agreeing with this exaggerated hypothesis. Dave argued what a ridiculous myth this was and presented a strong case for how humans will increasingly be the culprits and that AI will not go unchecked.

I conceded that he could be right, but that even if it doesn’t run rampant, the “instantaneous scale” of AI and cyber together can have devastating short-term effects on commerce and health. He reluctantly agreed with that small piece.

The self-inflicted wound in the CrowdStrike disaster perfectly reinforces the Pogo quote that the service provider can cause as much damage as the dark state.

Now many will take the high road and say that this exercise was actually important so as to prepare industry and consumers for future disruptions. They will reinforce the need for multiple redundancies that many of their customers suspected were there already to ensure business continuity. They were not.

As with the Change and Ascension breaches, there will no doubt be congressional hearings — as in TikTok hearing, elected officials who can’t set a wakeup call on their smartphones will try to show their bona fides on AI-generated programming code and global software update security.


Show Your Support

Subscribe

Newsletter Logo

Subscribe to our topic-centric newsletters to get the latest insights delivered to your inbox weekly.

Enter your information below

By submitting this form, you are agreeing to DHI’s Privacy Policy and Terms of Use.