In Case You Missed It: A global IT outage and rising AI cybercrime

/in , /von

Welcome toICYMI– a weekly snapshot of European news stories that have given me pause for thought. ICYMI is a chance for you to go beyond the front-page headlines and find out what other stories may be worthy of your attention. 

I wanted to start with the major global IT outage this week – a story most people will have heard about even if they weren’t directly affected by it. It’s brilliantly summed up by the BBC and, while the aim of this post isn’t to examine the details of what happened and why, it’s worth establishing the sheer scale of this incident.  

The BBC article describes how the 8.5 million devices affected by Crowdstrike’s defective software update ‘suggests it could be the worst cyber event in history.’ Microsoft’s David Weston was quoted, pointing out that it’s not just a question of individual devices and users being affected but that „the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services“. This side of the story was reported on heavily elsewhere, with massive disruptions, including over 1,500 flight cancellations in the US and 45 in the UK, and the NHS warning of ongoing delays in GP offices. 

Whenever major crises unfold there is enormous pressure and scrutiny on those responsible, particularly how they manage these issues from a communications perspective. Bloomberg ran an excellent piece with several voices from the industry highlighting some obvious mistakes made, including the lack of apology and human touch in the initial response from Crowdstrike CEO, George Kurtz. It also raises the possibility that this ‘lack of contrition stems from the IT sector’s longstanding struggle to relate in a more personalized and less robotic way with the general public.’ It seems initial feedback and criticism was taken onboard, as subsequent statements and interviews prominently feature an apology.  

While the impact of this major IT incident is still being felt, a piece in WirtschaftsWoche paints an entirely different picture of how any businesses can find themselves at the centre of their own cyber crisis. It highlights how cybercriminals are increasingly targeting businesses, exploiting both sophisticated techniques like zero-day exploits and simple phishing scams to infiltrate systems and steal sensitive data. 

What really makes this piece stand out is how seemingly elaborate and far-fetched examples of how AI could be used in cyberattacks are now very much a reality. It describes how a multinational company based in Hong Kong fell victim to fraudsters, who persuaded a company employee to pay the equivalent of around 18.4 million euros to them during a fake video conference. The article also highlights a survey from IT service provider, Sopra Steria, that found an increasing threat from AI-driven attacks and that businesses are not adequately equipped to defend against them. 

These two issues highlight once again, if any reminder were needed, that cyber crises can strike any company, at any time. While the specifics of each incident cannot be predicted, companies can control how they handle them and how they communicate to their customers, stakeholders and the wider public.