Digital trust is crucial in modern cybersecurity, defined as users’ confidence in the ability of people, technology, and processes to create a secure digital environment.[1] It mirrors patients’ essential trust in pharmaceuticals; both scenarios involve an intrinsic relationship where the end user relies on a product’s safety, efficacy, and reliability. This parallel underscores a universal truth: trust is a vital currency in any sector where the consumer has limited visibility into the processes, whether it involves medications or technological services. In the pharmaceutical industry, trust is built over time through painstaking research, regulatory compliance, clinical trials, and ongoing evaluation through pharmacovigilance, all designed to assure patients and providers of a drug’s safety and effectiveness. Similarly, in IT services, particularly cybersecurity, trust hinges on best practices, transparent processes, and verifiable outcomes.

The CrowdStrike incident: a case study

The CrowdStrike incident on July 19, 2024, provides a poignant case study highlighting the crucial need for digital trust. An update to the Falcon sensor application led to widespread outages, impacting approximately 8.5 million Windows machines due to a substantial coding error. The responses post-incident unveiled vital factors that contributed to the outage: a flaw in a content validation process and the failure of specific testing protocols that could have identified the potential vulnerability.[2] The dynamics of the events resembled the Swiss cheese model of accident causation.[3] CrowdStrike’s response to the incident – committing to enhanced software testing and adopting a staggered deployment strategy – reflects approaches commonly employed in the pharmaceutical industry. As pharmaceutical manufacturers routinely revisit and refine their quality assurance processes, software vendors must continuously improve their development and release processes.

Lessons learned and recommendations

A key takeaway from the CrowdStrike incident is the risk associated with automated updates, which, although crucial for efficiency and maximum protection, can result in widespread failures. Cybersecurity solutions vendors should prioritize software testing processes to mitigate future incidents, emphasizing the importance of extensive and exhaustive code testing before deployment. Moreover, effective communication strategies are vital to maintain transparency during IT incidents. The CrowdStrike outage spotlighted organizations’ need to provide clear directions regarding the incident’s cause, immediate remediation actions, and preventive measures moving forward. Drawing parallels with the pharmaceutical industry, organizations must also foster a culture of accountability, demand adherence to ethical practices, and demonstrate a proactive stance toward the quality of processes and products. Building digital trust through more effective software testing or responsive communications is imperative for long-term success in today’s digital-centric marketplace.

References

  1. Digital Trust – CIO Wiki. https://cio-wiki.org/wiki/Digital_Trust
  2. https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
  3. https://en.wikipedia.org/wiki/Swiss_cheese_model