Microsoft – in response to the botched CrowdStrike update which shut down 8.5 million Windows-powered computers in July – announced it would be hosting a security summit next month in Washington to go over lessons learned from the worldwide outage.
The tech giant announced it would hold the “Windows Endpoint Security Ecosystem Summit” on September 10th at its West Coast home base in Redmond.
“Microsoft, CrowdStrike, and key partners who deliver endpoint security technologies will come together for discussions about improving resiliency and protecting mutual customers’ critical infrastructure,” the company said in the Friday blog post.
During the summit, industry leaders – including government representatives for transparency – will review the series of events leading up to the massive outage with the “collective goal” of creating “concrete steps” that Microsoft and its joint customers can take to improve security and resiliency.
Microsoft said the CrowdStrike outage was a teachable moment presenting “important lessons for us to apply as an ecosystem.”
Microsoft will host a Windows Endpoint Security Ecosystem Summit on Sept. 10 to meet with CrowdStrike and other endpoint security partners and discuss improving resiliency and protection for mutual customers’ critical infrastructure. https://t.co/3GHWYGdGEk
undefined Microsoft News and Stories (@MSFTnews) August 23, 2024
Discussions will also focus on safe deployment practices, how to design network systems for cyber resiliency, and how the industry can best work together as a whole.
Microsoft expects the summit to decisively produce both short- and long-term actions, as well as initiatives that will lead to “more secure and reliable technology for all,” the blog said.
Although not open to the public, Microsoft said it plans to share details about the discussions after the summit’s conclusion.
This is Microsoft’s first attempt to address the July 19th outage, which was blamed on CrowdStrike sending out an untested security software patch to thousands of customers, ultimately causing millions of Windows PCs to crash and show the dreaded ‘blue screen of death.’
The outage felt around the world
The CrowdStrike outage disrupted operations across the world, impacting multiple industries including major airlines, media outlets, banking, healthcare, and emergency services.
Delta Air Lines, who had to cancel thousands of flights due to its systems being down for nearly a week, filed suit against CrowdStrike earlier this month to try and recoup its estimated $500 million in losses.
CrowdStrike, which has lost about $9 billion of its market value since the outage, has also been sued by shareholders. According to Reuters, the shareholders said the cybersecurity company defrauded them by concealing how its inadequate software testing could cause global disruption.
The outage and subsequent aftermath have raised questions not only about how to prevent future incidents but also about the dangers of companies not diversifying the cybersecurity products and vendors they use.
Security insiders have also warned of threat actors capitalizing on the chaos, with an expected influx of CrowdStrike-related phishing attacks, fake websites, and other nefarious scams to take place during the recovery period.
Furthermore, the outage highlights that many organizations are ill-prepared to handle a single point of failure, from less-than-effective incident response plans to poorly held backup systems.
"We look forward to bringing our perspective to the discussions with Microsoft and industry and government stakeholders on the need for a more resilient ecosystem," a CrowdStrike spokesperson told Reuters on Friday.
CrowdStrike’s CEO George Kurtz will testify in Washington at the request of US lawmakers later this year.
Your email address will not be published. Required fields are markedmarked