Recent data suggests Microsoft and Crowdstrike took roughly 55pc of the world’s security software sales last year, with Crowdstrike focusing on the biggest businesses in various important sectors.
Businesses around the world continue to feel the effects of the massive Crowdstrike outage from last Friday, while questions have been raised about how a global incident of this scale could occur.
The cause has been determined as a faulty update from the cybersecurity company, which caused roughly 8.5m Windows computers to crash worldwide, according to estimates from Microsoft.
The tech giant said this only accounts for less than 1pc of all Windows machines worldwide, but the disruption was not distributed evenly – Crowdstrike is a software mainly used by businesses instead of consumers.
The dominance that Crowdstrike and Microsoft have in certain sectors was made clear from the outage, as airlines, banks and other important sectors around the world were hit with IT disruptions. The US Delta Airlines was hit particularly badly from the outage and is still struggling to return to normal levels of operation today (23 July)
The disruption has created concerns among IT experts about the danger of similar events happening again, particularly with the dominance of both Microsoft and Crowdstrike in the cybersecurity market. Tom Lysemose Hansen, CTO of Norweigian cybersecurity company Promon, highlighted the importance Crowdstrike has for some sectors.
“Crowdstrike underpins their everyday operations, being present in anything from point of sale to ATMs as well as being used on Microsoft Windows systems,” Hansen said. “The nightmare-inducing problems associated with pushing a faulty update or patch like this is the very reason why most firms wait around a month or so before they choose to implement them.”
The top two players
A recent report by TechCrunch highlighted how the recent disruption could cause Crowdstrike’s rivals to profit from the chaos, as the company’s stock price has plunged in the aftermath of the incident.
This report highlighted the revenue share that Crowdstrike has in the security software sales market. Data from Gartner estimates that CrowdStrike had a 14.74pc share of global revenue in 2023, coming in second place globally behind Microsoft which a 40.16pc revenue share.
Crowdstrike claims to provide its products and services to more than half of the Fortune 1000 companies, along with eight out of the top 10 tech firms, auto companies, financial services firms and food and beverage companies. It also claims to have seven of the top 10 manufacturers among its customer base.
During the incident on Friday, ESET Ireland released a statement highlighting the issues with relying on specific vendors worldwide.
“The inconvenience caused by the loss of access to services for thousands of people serves as a reminder of our dependence Big Tech such as Microsoft in running our daily lives and businesses,” ESET Ireland said. “Upgrades and maintenance to systems and networks can unintentionally include small errors, which can have wide-reaching consequences.
“Another aspect of this incident relates to ‘diversity’ in the use of large-scale IT infrastructure. This applies to critical systems like operating systems, cybersecurity products and other globally deployed applications. Where diversity is low, a single technical incident, not to mention a security issue, can lead to global-scale outages with subsequent knock-on effects.”
Microsoft passes blame to EU
While the cause of the incident has been attributed to Crowdstrike, Microsoft has also faced some criticism for the ability of a third-party service to cause a Windows crash.
JJ Guy, Sevco Security CEO, said the incident was linked to Windows software and the real problem was that the update caused “repeated blue screens on reboot”.
“Any software causing repeated failures on boot should not be automatically reloaded,” Guy said. “We’ve got to stop crucifying CrowdStrike for one bug, when it is the OS’s behaviour that is causing the repeated, systemic failures.”
But Microsoft has pointed the finger at a separate entity for creating the environment for this type of incident to happen – the EU. Microsoft said it allowed multiple security providers to install software at the kernel level due to an agreement with the EU in 2009 to avoid a competition investigation.
Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.