Exactly two months ago, the most serious IT failure to date occurred with massive consequences: canceled flights, failed servers and PCs, companies sending their employees home, hospitals having to postpone operations. The damage ran into the billions. A faulty update to the widely used cybersecurity solution from CrowdStrike had led to numerous IT outages around the world. If there is anything positive to be drawn from this incident, it is the realization that even the last person should be aware that digital networking is absolutely the lifeblood of the economy and society. IT (and its availability) is part of the critical infrastructure, just like energy.
“The IT outages and their consequences show the outstanding importance of digital technologies for our economy and society,” says Bitkom President Ralf Wintergerst. In his opinion, such an IT outage should not be repeated. “This time it turned out well, thanks in part to the joint efforts of business and authorities, with the support of CrowdStrike and Microsoft,” says Wintergerst.
Bitkom and the BSI wanted to know how badly the CrowdStrike glitch had affected German companies, whether they had drawn conclusions and if so, what were they? Over 300 companies were surveyed. The results now available are not representative, but they at least provide a “meaningful picture of the mood,” according to Bitkom.
According to the survey, directly and indirectly affected companies in this country (331) report on the consequences of the IT outage caused by Crowdstrike:
- 62 percent of the companies affected at the time suffered direct consequences, such as the failure of their own PCs or servers
- 48 percent felt indirect effects because, for example, suppliers, customers or business partners were affected
- 48 percent, or around half of the directly or indirectly affected companies, had to temporarily cease operations – on average for 10 hours
- Looking back, 73 percent describe the problems and disruptions that arose as serious for the German economy
- 64 percent are certain that, with regard to their own company, such an incident cannot be completely prevented.
“A warning shot for us”
Claudia Plattner, BSI President, agrees with the latter: “There will be no 100 percent protection against IT security incidents in the future either. Nevertheless, we want to get as close to 100 percent as possible.”
To this end, the BSI is in close contact with CrowdStrike, Microsoft and other software manufacturers “so that they can improve the quality of their software and their software updates.” But that alone is not enough. “Companies must and can also increase their resilience with preventive measures so that they become more resistant to IT security incidents,” said the BSI boss.
What they should do preventively is to have the greatest possible control over update processes and IT emergency concepts, which “must be an important part of any crisis preparedness!”, says Plattner. “We urgently need to continue to improve our cyber security and need the corresponding know-how in companies and authorities – this is the only way we can better protect ourselves against unintentional outages or targeted attacks and become more digitally confident,” adds Wintergerst. The latest breakdown must “be a warning shot for us”.
Next page: Breakdown statistics and consequences