COVINGTON, Ky. — Many businesses took several days to reboot their systems after the CrowdStrike outage, an update failure that shut down millions of Microsoft computers. Some are still feeling the effects.
Cyber security experts in Kentucky say the outage should serve as a wake up call for how vulnerable people are to future cyber attacks.
When he’s not serving his mayoral duties in Fort Wright, one can typically find Dave Hatter messing around on his computer.
He’s glad his computer wasn’t one of the nine million affected by the massive CrowdStrike outage. Keeping it safe is of utmost importance to him as a cyber security professional who spent 25 years as a software engineer.
“Cyber criminals will exploit what are known as zero day bugs. They’ll find a flaw in an application. And then until the vendor can fix it, it’s a field day for them to exploit it,” Hatter said. “It’s a significant concern of mine. We’ve got to get to a place where even though speed is important, we’ve got to stop focusing on speed and market share and revenue and things like that, and start focusing on the real world impact of this software when it goes bad.”
That’s something Tyler Van Dyke gets into with his students as program director of the Computer IT Department at Gateway Community and Technical College.
“Most, if not all, of our data today goes across a network and we hope it gets into the right hands. We hope that when we send our online bank account to amazon to pay for something on prime, we hope that nobody’s intercepting that,” Van Dyke said. “Having a better understanding of these systems makes you less dependent on IT teams. It gives you a lot more freedom.”
The CrowdStrike outage affected just 1% of Windows computers worldwide. Hatter said, while evidence points to it being a bug and not an attack, it was also a reminder.
“I don’t think most people really understand how fragile our society is,” he said. “What we saw on Friday is a little taste of what is coming if we don’t get serious about addressing these issues now, building software that has transparency throughout its supply chain. Most people as individuals and most organizations are not well prepared. I see it every day.”
Things people should do, he said, include using password managers and multi factor authentication and backing up devices. In a world increasingly dependent on software, what happened with CrowdStrike can happen again, or worse.
“I think it’s the first of many,” Hatter said. “There’s nothing you can do that’s gonna be 100% bulletproof against some kind of cyberattack. Because I’m many cases people are the weakest link and someone will get fooled into doing something they shouldn’t have.”
That’s why learning as much as they can could help keep people safe.
Hatter said he’s a fan of the Kentucky Consumer Data Privacy Act, which goes into effect in 2026. It provides incentives to businesses to protect consumer data.