SAN DIEGO (KGTV) — As public entities and businesses around the world scrambled to find solutions to a global IT outage, ABC 10News spoke to a cybersecurity expert to gain his perspective on the issue.
Nikolas Behar, an adjunct professor of Cybersecurity at the University of San Diego, joined ABC 10News at Midday for an interview.
10News anchor Melissa Mecija asked him how one company, CrowdStrike, can have such a reverberating impact across numerous industries and how people can protect themselves in the future.
QUESTIONS AND ANSWERS
MELISSA: How does one company have such a huge impact, and does this show just how vulnerable all of these industries are?
NIKOLAS: Yeah, that's a great question. So, CrowdStrike is one of the best cybersecurity companies in the world. They're mainly focused on enterprise. A lot of enterprises use their software, and that's why we're seeing very large organizations and government entities being affected. And so what happened was last night they pushed out a patch, and that patch had a negative effect on Windows systems where it would display the blue screen of death, which is the error that was shown earlier with the sad face.
Now, the fix that they've released is manual and tedious. It requires the technicians to go from one computer to the other and either boot it into a special mode and wait, called safe mode, or boot into safe mode and then modify or delete certain files and then reboot. Then, it should be working. They've distributed these instructions to their customers.
But as I mentioned, it's a very tedious and time-consuming process, so if an organization has a lot of Windows systems, it may take them a while to come back online. And it also depends on how many IT folks they have on staff as well.
M: Got it. The company did say it's an update, like you said... But there are still questions if this could be an attempted cyberattack. You're saying that it's not, though.
N: Yeah, as of now, I don't think it's a cyberattack based on the remediation guidance that they've issued. So, the steps that I outlined earlier -- those are not consistent with a cyberattack, right? Those are consistent with a faulty patch.
If this were a cyberattack, the reaction would be different. They would be taking probably more systems than we have offline right now offline because they serve on a lot more than Windows computers. They run on Linux, they run on Mac and they run in the cloud.
So the outage would probably be more widespread if CrowdStrike had suffered a cyberattack.
M: I'm surrounded by electronic devices, my computer, my phone... How should people protect themselves?
N: It's difficult to protect against this, but one thing I can recommend is you can turn on manual updates and turn off automatic updates and then wait to see if something like this happens.
Not all software supports that, so you want to check each piece of software that you're running. Windows does support that, and then they can wait and see what happens. And if there's no negative effect, they can apply the patch.
The only thing I would say is that if it's a patch addressing a critical vulnerability, they should not wait. They should patch based on the vendor's guidance.