Businesses and services across the globe have started to slowly recover after a massive IT outage affected computer systems for hours from Thursday into Friday.
Airlines, banks and hospitals were among the hardest-hit after the cybersecurity firm Crowdstrike released a faulty software update which caused computers operating Microsoft Windows to crash.
Crowdstrike’s CEO George Kurtz apologised for the chaos and said the company had issued a fix but warned it could be “some time” before all systems were running normally.
“All of Crowdstrike continues to work closely with impacted customers and partners to ensure that all systems are restored,” he said in a post on X.
Germany’s cybersecurity chief Claudia Plattner also warned that given the scale of the outage, full recovery could take weeks.
“I can promise you that it will not be a matter of hours, I can assure you of that. We are currently receiving reports that some of those affected have already restarted their IT systems. This means that we are already in the recovery process. However, it is to be expected that it will still take some time until the situation has returned to normal,” she said in a press conference in Bonn.
The system crash caused chaos across Germany’s healthcare sector, with the main university hospitals in cities such as Kiel and Lübeck having to close and cancel all non-emergency operations.
Some airline services are also beginning to return to normal after the cancellation of thousands of flights although operators expect delays and cancellations to continue through the weekend.
Airports in Poland issued an appeal to passengers to verify the status of their flights and to arrive three hours before the scheduled departure time with Wizz Air saying the check-in system at Warsaw airport was down and online check-in was also affected.
There was similar travel chaos in Greece. Although the country was largely unaffected by the software bug, there were flight delays and long queues at the country’s bigger airports. While flights could land at Athens, they could not leave as departures were controlled by the system affected by the Microsoft digital blackout.
Amsterdam Schiphol also reported issues with flights affected, as did airports in Germany, the UK, New Zealand, Japan, and India. Switzerland’s largest airport, Zurich, stopped aircraft from landing.
And several European carriers such as KLM and Ryanair reported issues with customers unable to check in for flights online.
What’s caused the global outage?
In a statement on Friday, George Kurtz, CEO of Crowdstrike confirmed that a “defect” in a content update for Windows machines is behind the outage.
“Crowdstrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” Kurtz said.
“Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed”.
Crowdstrike advised customers to refer to its support portal for updates, and for organisations who use its services to continue communicating with Crowdstrike representatives “through official channels”.
“Our team is fully mobilised to ensure the security and stability of Crowdstrike customers,” Kurtz concluded.
Initial reports on Friday speculated that an antivirus software update at the cybersecurity firm had gone awry and was to blame for the outage.
The incident wiped 15 per cent off the value of Crowdstrike shares when trading opened on Friday, the equivalent of $12.5 billion (€11.5 billion).
Dependence on single providers
In the wake of the disruption, experts have agreed on the need to move away from overreliance on remote management of our devices by a handful of large, centralised platforms.
Chris Dimitriadis, a cybersecurity expert and the Global Chief Strategy Officer at IT governance association ISACA, called the outage “nothing short of a crisis”.
“When one service provider in the digital supply chain is affected, the whole chain can break, causing large-scale outages. This incident is a clear example of what could be termed a digital pandemic – a single point of failure impacting millions of lives globally,” he said.
“The outage is a result of an increasingly complex and interconnected digital world, and this failing is exactly why cyber resilience is key for ensuring the safety, security, and wellbeing of citizens as well as a key enabler of the global economy”.
