
The "Microsoft Blue Screen" incident sounded the alarm for monopoly

2024-07-23



Author | Huang Yu

Editor | Zhou Zhiyu

Microsoft's "blue screen" caused a global "major outage", paralyzing nearly 8.5 million devices, shutting down many companies around the world, and suspending flights.

Such a cyberpunk scene occurred last Friday, becoming one of the largest outages in IT history. The "culprit" behind it was soon found to be the US cybersecurity giant CrowdStrike, which pushed an erroneous content update to Microsoft users around the world.

The outage reached this scale because Microsoft Windows dominates the global desktop operating system market, and in the global endpoint protection software market CrowdStrike is second only to Microsoft.

This IT disaster has sounded the alarm for the safe development of science and technology: the operating system is the "foundation" of the entire IT industry, as basic to it as water and electricity. Over-reliance on any one company is dangerous.

Of course, it is not easy to break global technology's dependence on a few companies. This storm has added fuel to the flames, making more companies and countries realize how important it is for operating system and network security suppliers to be diversified and independently controllable.

Such reflection has ignited a spark, and more operating system and network security companies may have a good opportunity to show their strengths.

Many competitors of Microsoft and CrowdStrike have already tasted the sweetness in stock prices. In the A-share market, on July 22, cybersecurity concept stocks soared, with National Technology, Renzixing, Guohua Network Security, Jida Zhengyuan, and Geer Software hitting the daily limit or rising by more than 10%; Huawei Ora, Huawei Ascend, Hongmeng concept and other concept stocks saw a sharp rise.

Crisis

Before this historic IT failure, most ordinary people were probably not familiar with the American company called CrowdStrike.

In fact, this company is a genuine American cybersecurity leader and has a large share of the cybersecurity market. However, its main service targets are corporate users and it is not widely used on personal computers, which leads to its low public visibility.

CrowdStrike has more than 20,000 customers worldwide, including technology giants such as Microsoft and Amazon. According to statistics from market research firm IDC, CrowdStrike accounts for about 18% of the $12.6 billion global endpoint protection software market, second only to Microsoft's 25.8% market share.

According to CrowdStrike, on July 19, CrowdStrike released a sensor configuration update to Windows systems, which triggered a logic error and caused the affected systems to crash and blue screen.

For CrowdStrike, this should have been a routine software update. Normally, this kind of update is applied automatically in the background without any impact on users. This time, however, the logic error in the update crashed systems while they were running, eventually causing a global "major downtime".

Some IT industry insiders believe that as a security company, CrowdStrike's products should enhance the stability and security of the system, rather than undermine it. This incident is likely to have shaken the confidence of some users and potential customers.

Because the company was severely affected, Tesla CEO Musk said that CrowdStrike had been deleted from all systems.

In addition, risk, strategy and human capital consulting firm Marsh & McLennan Cos Inc. (MMC) estimates that more than 75 customers may file cyber failure claims due to CrowdStrike's global collapse.

Patrick Anderson, CEO of the Anderson Economic Group, a US research institution, estimated that the economic losses caused by this incident are likely to exceed $1 billion.

CrowdStrike will inevitably be hit. Thanks to strong performance growth, CrowdStrike's market value had more than doubled over the past year. Affected by this incident, however, its shares opened down 15% last Friday and finally closed down 11.1%, the largest single-day drop since 2022, and its total market value evaporated by about US$9 billion to US$74.215 billion.

As a company involved, Microsoft was also affected, with its stock price falling by nearly 2% at one point and eventually closing down 0.74%. In fact, this is not the first time Microsoft has experienced a large-scale outage. In January this year, Microsoft Cloud had a global outage, affecting a range of services from Outlook to Teams; in May, Microsoft's Bing and Copilot services were interrupted for up to 24 hours.

Raymond, director of product operations at Tencent Security iOA, told Wall Street Journal that the Microsoft "blue screen" incident highlighted the vulnerability risks of the current global IT system, mainly including the vulnerability of large institutions' high dependence on a single supplier, the vulnerability of the Windows system itself, and the vulnerability of the network security product architecture.

Raymond pointed out that although the main cause of this blue screen was the update of the CrowdStrike software kernel driver, Microsoft, as the developer of the Windows operating system, can provide a more robust Windows system protection mechanism. For example, in the case of repeated blue screens, the root module that causes the blue screen can be automatically shielded to ensure the normal operation of the system, thereby reducing the impact of the failure.

The occurrence of Microsoft's "blue screen" is a warning that security is a matter of life and death in the digital age. The vulnerability of IT systems will inevitably attract attention and will also bring obvious changes to the development of related industries.

Pattern

When a fatal error occurs, humans tend to reflect on it habitually. This incident has undoubtedly exacerbated people's concerns about the high concentration risks in the operating system and network security industries.

Raymond, director of product operations at Tencent Security iOA, told Wall Street Journal that the impact of Microsoft's "blue screen" incident is extremely wide-ranging and can serve as an opportunity to accelerate changes in the operating system and network security industries.

In the cybersecurity industry, just 15 companies worldwide account for more than half of the market for cybersecurity products and services. In the field of modern endpoint security, which is the business of protecting PCs, laptops and other devices, the oligopoly is even more serious, with three companies controlling half of the market, of which Microsoft and CrowdStrike are the two largest companies.

Among the desktop operating systems that the public is most familiar with, Microsoft's Windows has dominated for many years. According to StatCounter data, in 2023 Windows's global desktop market share reached more than 70%, while other OSes, including macOS and Linux, each held no more than 10% of the market.

This concentration undoubtedly has adverse effects on network security and healthy competition. The diversification and independent control of operating systems and network security suppliers has long been an urgent matter.

In Raymond's view, the global operating system software market will present a diversified development pattern. In the traditional terminal market, some companies will increase the proportion of Mac systems; at the same time, open source operating systems such as Linux will become an important force in the market.

In recent years, China has been vigorously promoting the development of the information technology field, and operating system security and domestic substitution are among the key tasks.

In May this year, a new round of national testing results was officially released. Compared with the first round, the main feature was the increase in server operating system products, with the entry of major Internet companies such as Huawei Cloud, Alibaba Cloud, Tencent Cloud, as well as Kylin Security and Ningsi. The kernel versions of desktop operating systems have all been upgraded, mainly including the three desktop operating systems of Kylin, Tongxin and Fangde.

China has achieved certain results in localizing desktop and server OS. This year, Huawei also announced that it will launch "pure-blooded Hongmeng" on the mobile side, and the development of Hongmeng OS on the IoT and desktop sides is expected to accelerate.

In addition to the diversified development of operating systems, Raymond believes that this incident will also accelerate the migration of enterprises to the cloud. Cloud vendors usually provide self-developed network security software, which is more compatible with cloud services, takes into account performance and efficiency, and also has a more complete protection mechanism and division of responsibilities.

According to IDC forecasts, by 2025, the number of IoT-connected devices worldwide will reach 51.9 billion, with 8.5 billion in China. The proportion of enterprises working remotely may exceed 97%, and 88% of enterprises may cooperate with more than two cloud service providers at the same time.

Shen Meng, executive director of Xiangsong Capital, also believes that this incident shows that even top system service providers may cause major information system security failures due to negligence, so there is still a lot of room for development in related industries.

The cybersecurity pie has always been surrounded by wolves. On July 14, it was reported that Google's parent company Alphabet was negotiating to acquire Israeli startup Wiz for $23 billion. This would be the largest cybersecurity company acquisition in history and the largest acquisition ever by Alphabet.

In addition, analysts at Debon Securities pointed out that with the frequent occurrence of cloud security incidents around the world and the promotion of China's information technology innovation policy, a group of cybersecurity companies with core competitive products are expected to emerge.

Raymond said that after this incident, the stability of security products themselves (continuous stable working time, system resource usage, whether it affects other software) and system coverage (deep support for Windows, Mac, Linux, and other operating systems and server versions) will become important parameters when companies purchase them.

"It is expected that purchasing companies will require network security vendors to provide a product architecture framework to explain the principles of stability and strong compatibility. Taking Tencent iOA as an example, the product mechanism has placed the implementation logic in the system application layer as much as possible to avoid system risks caused by complex logic and frequent updates in the kernel layer." Raymond revealed.

Under the catalysis of AI, global digitalization is accelerating. In the era of the Internet of Everything, network security must always be placed in the most important position. Any small mistake may be infinitely magnified, causing irreparable losses.

The Microsoft "blue screen" incident threw a bomb into an industry that has always been dominated by oligopoly, and a new pattern is brewing in secret.