Reflections on the CrowdStrike Incident: Rethinking Digital Trust

The recent Crowdstrike incident revealed a curious aspect of cybersecurity: the insider threat posed by software, not just people. While many invest in training to safeguard systems from human errors and malicious intent, how do we protect systems from other systems? Especially when these systems are vetted and trusted? NotPetya showed us the chaos a rogue update can cause, but what about when it's a one-off honest mistake?

I wonder, where does trust fit into our organizational processes? We're all interconnected, relying on joint infrastructure, and we face a new kind of vulnerability. How can we address that joint vulnerability together??

In today's agile development world, updates are constant, part of a never-ending cyber arms race. We patch, we roll out fixes, but sometimes, I feel like we've lost the thoughtful consideration of the old waterfall days, where you had to actually think about the impact of what you’re building before you push it live.

Mistakes are inevitable. No matter how robust your processes or talented your team, errors occur. They might go unnoticed, having little impact. Or your company name might end up in headlines causing very real emergencies for IT teams.

So, what's the solution? Technical fixes and new oversight mechanisms address part of the problem, but not all. We need a broader understanding of the challenges of operating in an interconnected and interdependent system. How can we better protect our systems from themselves? How can we redefine trust in an interconnected world?

Shameless Self Promotion

If you found this information valuable and know an organization that could benefit from it, please consider booking my keynote, "Maximize Your Impact." This talk delivers actionable insights to increase your impact in the workplace, advance your career, and make the world a better place.

I am available for in-person Keynotes as well as virtual Lunch and Learn sessions. Get in touch for more information.