Why We Can't 'Over-Rely On Technology' After Global Tech Outage Affects Hospitals, Banks, And More
Industries like banks, hospitals, government agencies and airlines were disrupted around the globe Friday after cybersecurity firm CrowdStrike, suffered a massive international outage. Forbes contributor Emil Sayegh joined "Forbes Newsroom" to discuss.
Read the full story on Forbes: https://www.forbes.com/sites/emilsayegh/2024/07/19/widespread-technology-outages-and-the-imperative-for-ai-guardrails/
Fuel your success with Forbes. Gain unlimited access to premium journalism, including breaking news, groundbreaking in-depth reported stories, daily digests and more. Plus, members get a front-row seat at members-only events with leading thinkers and doers, access to premium video that can help you get ahead, an ad-light experience, early access to select products including NFT drops and more:
https://account.forbes.com/membership/?utm_source=youtube&utm_medium=display&utm_campaign=growth_non-sub_paid_subscribe_ytdescript
Stay Connected
Forbes on Facebook: http://fb.com/forbes
Forbes Video on Twitter: http://www.twitter.com/forbes
Forbes Video on Instagram: http://instagram.com/forbes
More From Forbes: http://forbes.com
Read the full story on Forbes: https://www.forbes.com/sites/emilsayegh/2024/07/19/widespread-technology-outages-and-the-imperative-for-ai-guardrails/
Fuel your success with Forbes. Gain unlimited access to premium journalism, including breaking news, groundbreaking in-depth reported stories, daily digests and more. Plus, members get a front-row seat at members-only events with leading thinkers and doers, access to premium video that can help you get ahead, an ad-light experience, early access to select products including NFT drops and more:
https://account.forbes.com/membership/?utm_source=youtube&utm_medium=display&utm_campaign=growth_non-sub_paid_subscribe_ytdescript
Stay Connected
Forbes on Facebook: http://fb.com/forbes
Forbes Video on Twitter: http://www.twitter.com/forbes
Forbes Video on Instagram: http://instagram.com/forbes
More From Forbes: http://forbes.com
Category
🗞
NewsTranscript
00:00Hi, everybody. I'm Brittany Lewis with Forbes Breaking News. Joining me now is Forbes contributor
00:08Emil Sag. Emil, thank you so much for joining me.
00:12Thank you. Excited to be here.
00:15You are a cybersecurity expert. So before we dive into the conversation here, give us
00:19a little bit about your background.
00:21Absolutely. Yes. I've been a serial CEO of multiple tech companies, been a CEO for about
00:2812 years, over three companies. And this latest company that I've led is a cybersecurity
00:37services provider. And we have been securing customers all over the world and protecting
00:46them against a lot of the cybersecurity threats that have been really active over the last
00:50two years.
00:52So you're the perfect person then to provide some insight into what happened on Friday
00:56when we saw what has been described as the largest IT outage in history. So this global
01:01outage disrupted industries ranging from hospitals, government agencies, banks, airlines. How did
01:08this happen?
01:09Absolutely. So in the industry, there's something very simple and that we call patching. This
01:17is when we send updates and you see those things on your phones, on your computers.
01:22We send a patch, we send an update to computers to update the software. And this is exactly
01:28what CrowdStrike tried to do. They have agents on a lot of these Microsoft-based computers
01:34that are running Windows and servers as well, not just PCs, but also servers. So they have
01:40these agents that they installed so they can look for nefarious traffic, for bad traffic,
01:46for malicious traffic, if you will. And these agents sit on these machines remotely. And
01:52then whenever CrowdStrike or any other software provider, for that matter, wants to update
01:58their agents, they send an update. Now, before we do these updates, usually we test them.
02:04We test them immensely, make sure that they're not going to cause an outage, that they're
02:08not going to have a conflict with the software that's running on these machines. This is
02:14usually what happens. Unfortunately, in this case, there must have been some kind of an
02:19oversight. Somebody didn't follow process and pushed an update to these agents that
02:26are sitting on these machines that had a conflict with the Windows operating system. So what
02:31happens is that the Windows operating system started going into a loop, what we call the
02:37blue screen of death, right? That's the nomenclature, the blue screen of death. And then these computers
02:42started going into this loop and never, never properly rebooting, frankly. And that's
02:49exactly what happened. All these computers are shut down. Servers are shut down until
02:53they figured out what the issue is. And they issued a fix for that.
02:58And no one wants to see a blue screen of death. That's especially for certain, especially
03:03on a Friday. But a lot of industries came grinding to a halt today. Everything from
03:09broadcasts to airlines, transportation, hospitals. What do you think it says that this type of
03:16outage could impact such critical industries?
03:21You know, this is how delicate our infrastructure is. And this is what I keep fighting about
03:25in Forbes, is that we have to make sure that we don't over rely on technology, and
03:31especially AI technology is the next thing. You know, we've got to make sure we don't
03:35over rely on a lot of these technologies. We have to build redundancy in our systems.
03:41As you saw, a lot of the Windows computers were down. And in this case, you know, people
03:47have to think about a hybrid approach to potentially their operating system, hybrid
03:52approach to their, to the software that they're deploying, so that they have, they don't
03:57put all their eggs in their basket. They have a level of redundancy. I think a lot of
04:03people are taking technology for granted. A lot of executives are taking technology for
04:07granted. CIOs are taking technology for granted, and putting a overweight belief in
04:16the fact that it was built in a redundant manner.
04:19So how do you become less reliant then on this type of technology as a CEO and not take it
04:24for granted because no one wants to show up to the airport and their flight not work
04:29because they're getting the blue screen of death?
04:33Yes, absolutely. The way you do it, first of all, is that the patching that is going on,
04:40this is a, I would say, one of the mundane tasks in IT. This is a very basic blocking and
04:46tackling task. We do that all the time. You know, we have to put proper change control
04:52mechanisms before we push these updates out, especially on a large scale. So companies
04:58like CrowdStrike, companies like Microsoft and others, before they push an update or
05:03before they allow an update, they have to certify that that update works and that it's
05:10not going to cause an outage like this.
05:12On a second level, we also have to diversify technologies. We have to be able to use
05:18virtualization to our advantage. Basically, we have the technology to switch from one
05:27technology to the next or have certain systems that could run on Linux or run on other
05:36technologies other than just Microsoft, if we so choose.
05:40So there has to be some hybrid approach to the technology deployments on the operating
05:46system, on the hardware, on the software, as well as whenever a change like this happens,
05:52we have to have a mechanism by which we can back out of these changes, back out very,
05:56very quickly and know exactly what was that last change that happened so that we can back
06:01out of it.
06:02So, Emile, to your point about putting all of their eggs in one basket, what do you think
06:07this means? Because it was able to affect so many services, should they diversify their
06:14cybersecurity? I mean, what does that look like?
06:18Absolutely. They should diversify their operating systems. They should rely on
06:22virtualization technologies, technologies such as virtual desktops so that they're able to
06:29switch from one operating system to the next.
06:34They should be also from a cybersecurity posture.
06:40I think one has to approach cybersecurity with a comprehensive approach.
06:45Having multiple providers, you know, is a double edged sword because then you get into
06:50finger pointing between the providers who caught what and what not.
06:54However, whoever provider that they pick needs to have good patching hygiene, good IT system
07:03update hygiene. This is not acceptable, what has happened.
07:07Although it does happen every once in a while, but it's never happened at this scale.
07:12And this just shows how much we've let lax IT practices start to dominate the way we
07:23operate. So we've got to go back to basics and software patches need to be checked, triple
07:29checked by both the company that is pushing those patches as well as the operating system
07:36that is allowing those patches to come in.
07:39I want to get your reaction to what CrowdStrike CEO George Kurtz posted.
07:44He said this in part after the outage today.
07:47Quote, today was not a security or cyber incident.
07:50Our customers remain fully protected.
07:52We understand the gravity of the situation and are deeply sorry for the inconvenience and
07:56disruption. What are your thoughts there on what he said?
08:01Well, I mean, my counter to that is that we have to take ownership.
08:07I've been on those in those shoes before, you know, over over 12 years as CEO.
08:13And before that, as a general manager of a very high volume cloud, a cloud computing
08:21platform. I've been in those shoes before.
08:24You know, one has to be contrite.
08:26We have to go figure out what went wrong.
08:28We have to do really true root cause analysis and not brush over it and sweep it under the
08:33rug. We've got to figure out how this never, ever can happen again.
08:39So my comment to him is that this is not a minor inconvenience.
08:42There were multiple people who were scheduled for surgeries today who were not able to
08:47get their surgeries done, which is which is frankly a pretty grave life and death
08:56situation. So this is not just an inconvenience where somebody misses their flight.
09:00This is actually, you know, we're putting people's lives in danger just because of our
09:04dependencies on all these technologies.
09:06So my advice is to really be contrite.
09:10Go figure out exactly what happened.
09:12Be honest with yourself, with your customers, with your employees, so that this can never,
09:17ever, ever happen before.
09:19I hear you raising the alarm here.
09:21Do you think this is a wake up call?
09:26Absolutely, this is a wake up call.
09:28I do think that many folks in the IT and tech field have been putting a lot of stock into
09:37technology and thinking that it's flawless.
09:40And today is a major wake up call because as as you saw and you pointed out, you know,
09:46people, you know, people couldn't couldn't have their operations done, you know, when
09:52they were scheduled. You know, it could be a life and death situation.
09:54So, you know, people need to understand in the IT industry in general, this is an
09:59admonition of everybody in the IT industry to make sure that we realize that what we
10:06are doing matters.
10:07What we are doing can be the difference between life.
10:11This is not about not being able to play a video game or somebody not being able to to
10:19pay for their coffee with their credit card this morning.
10:21Right. This is not about that.
10:22This is about things that matter, that are the differences between life and death.
10:28And I do think that a lot of IT professionals don't think of their jobs as that.
10:33They think of it as, you know, software or pushing updates and zeros and ones.
10:38But, you know, we have to take a step back and realize how pervasive IT technology and
10:44how dependent we are on IT technology and and make sure that we realize that we are
10:51causing major harm when we don't take proper precautions, you know, best agreed
10:55precautions, industry standard precautions in pushing in pushing software and updating
11:01software. I think to your point, I mean, even today I ordered a coffee on my way to
11:06work and that system was down.
11:08So I didn't get a coffee this morning.
11:10But I mean, that's no big deal compared to someone who's either getting on a flight or
11:13even worse, getting a surgery.
11:16So do you think that this indicates that there shouldn't be such a blanket technology
11:22here and that it should be more niche because the world can't come to a grinding halt
11:26based on one technological bug?
11:30Bingo, exactly.
11:32And and I think the issue that we have is that with AI, AI is making it look so
11:41seamless. It makes it look so believable that we are trusting it.
11:45Many people are trusting it blindly just because it looks and sounds good.
11:49It doesn't mean that it's accurate.
11:51It doesn't mean that it is the the truth, right, the output that we're getting from AI
11:57machines. And then same thing I would say with technology.
12:00And, you know, when it comes to performing life saving measures in general, we can't
12:10remember. We can't forget.
12:13I'm sorry. We can't forget the fact that we have to go back to basics and make sure that
12:20we know how to do things without the help of technology.
12:24You know, today it was an IT outage.
12:26Could it be a power outage tomorrow?
12:30Could it be an Internet outage tomorrow?
12:33Could it be a true cyber attack that cripples us?
12:36So we have to be able to do most life saving things without the help of technology.
12:43So that would be my parting words for the folks that are not in the technology field is
12:49that don't over rely on technology.
12:52You know, surgeons, please still know how to operate without the help of technology
12:58tools and flights controllers.
13:04Please don't forget how to land planes safely without the help of technology tools, etc.
13:12I think that's a really good reminder because even I got a few emails from various
13:16workout classes saying, hey, here's a reminder of how to sign up for a class without
13:21the app. You know, and I mean, it's crazy that people don't remember how to do this
13:26stuff when we didn't have this our entire lives.
13:30But how do you ensure that this type of thing doesn't happen again?
13:36Yeah, for sure.
13:38I mean, just like I said on the on pushing out the patches that CrowdStrike did, they
13:44have to go back to basics from an IT perspective and double check their patches, triple
13:49check them. And then on the recipient side, on all these machines and all these
13:55operating systems that are receiving these patches, they need to have a guardrail and an
14:00assurance, a handshake that says, OK, these patches have been tested on this operating
14:05system so that they're not causing outages again.
14:08However, as as you will know, you know, if issues happen again, we have to be prepared
14:15as professionals, each in our field to be able to operate without the assistance of
14:21technology, at least for a certain amount of time, for a certain period of time.
14:25Just like hospitals have generators, we have to be able to operate our functions,
14:32especially when it comes to saving lives without the help of technology.
14:38Amil, I appreciate your time today.
14:40You're welcome back any other time.
14:42Thank you so much for joining me.
14:44Thank you so much.