In the aftermath of the global IT outage caused by a serious flaw in US cybersecurity company CrowdStrike's systems, there have been no reports of further major disruptions on Saturday.
However, despite the Texas-based company having largely contained the situation, the effects are still expected to linger in some places – and even within CrowdStrike's own business.
In the UK, flight delays and cancellations across London Gatwick, Heathrow Airport, Manchester Airport and Belfast International Airport are forecast to have a ripple effect throughout the weekend.
Airline check-in systems are “now back up and running”, but flights “may still be subject to delays and cancellations”, Manchester Airport said in an update on its website. It also advised passengers to regularly check the status of their flights before they leave for the airport.
A representative for London Gatwick has said to expect the same, with the majority of its flights to operate “as usual” by Sunday.
Airports across the US and Asia, including in Hong Kong, India, Indonesia, Singapore, South Korea and Thailand, have either resumed operations or are mostly back to normal.
Ciaran Martin, the former chief executive of the UK's National Cyber Security Centre, said the worst of the disruption is over.
“The worst of this is over because the nature of the crisis was such that it went very badly wrong, very quickly. It was spotted quite quickly, and essentially, it was turned off,” he told Sky News on Saturday.
Meanwhile, in Saudi Arabia, Matarat Holdings, provider of aviation services in the kingdom, said operations at its airports – including those in Riyadh, Jeddah, Dammam and Cluster 2 in the capital – have “resumed effectively”, the Saudi Press Agency reported on Saturday.
However, the company also encouraged passengers to “contact their airlines for updated flight information before heading to the airports and look at Gaca’s [General Authority of Civil Aviation's] passenger rights protection regulations”.
CrowdStrike has two problems
Within businesses and investors, CrowdStrike has become a popular provider thanks to its branding as a one-stop shop for endpoint cybersecurity.
But after a bug in the company rocked global IT systems on Friday, they might be rethinking their positions on the company once considered a Wall Street darling.
Microsoft said on Saturday that 8.5 million Windows devices were hit by the crash, which amounted to less than one per cent of all Windows machines.
“While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services”, it said.
Specifically, CrowdStrike may face two serious problems – customers may look elsewhere, which in turn opens up opportunities for its rivals.
“It was a huge deal with serious impacts on critical infrastructure operations across the world,” said Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, in a LinkedIn post published on Saturday.
“Any company that builds any kind of software should design, test and deliver it with a priority on dramatically driving down the number of flaws.”
The disruption “is clearly a major black eye for CrowdStrike and the stock will be under pressure after this outage related to Microsoft has caused massive disruption globally”, Daniel Ives, managing director and senior equity research analyst at Wedbush Securities, wrote on X.
This demonstrates how interconnected and vulnerable IT infrastructure can be, Andreas Hassellof, chief executive of Switzerland-based technology consultancy Ombori, told The National.
“There's now a risk that companies might become hesitant to apply crucial updates, fearing similar outages. However, this approach would leave them more susceptible to cyber attacks. It's absolutely vital that organisations don't overreact by avoiding updates altogether.”
Markets bugged
CrowdStrike is one of the most popular cybersecurity companies, with about 29,000 customers, providing endpoint protection, according to its website. It has a nearly 24 per cent market share, according to industry tracker 6sense.
Endpoint security, or endpoint protection, is the cybersecurity approach to defending desktops, laptops and mobile devices, the ones most used by companies and individuals, from malicious or threatening activity.
Confidence in the company, however, has been affected by the outage, which highlighted the importance of “rigorous testing and staged updates for endpoint detection and response agents”, said Kevin Reed, chief information security officer of Switzerland-based company Acronis.
“Normally, testing is done with every release and can take days to weeks, depending on the size of the update or changes. The ease with which their driver files can be deleted also raises questions about the self-protection mechanisms of CrowdStrike's software.”
CrowdStrike has said that it understood how the issue occurred and that it is doing a “thorough root cause analysis to determine how this logic flaw occurred”.
Global stock markets were dragged down as well, as companies worked to address the effects of the disruption.
On Wall Street, the S&P 500 – which only on Tuesday posted another record high – closed 0.7 per cent lower for its lowest close in about three months, snapping a three-week winning run.
The Dow Jones Industrial Average declined 0.9 per cent, while the tech-heavy Nasdaq Composite retreated 0.8 per cent.
In Europe, London's FTSE 100 was also among those affected by the problem, which caused a delayed start and the inability to provide pricing data for about four hours.
Trading on the index, however, was able to continue, and it finished down 0.6 per cent. Paris' CAC 40 retreated 0.7 per cent, and Frankfurt's DAX settled 1 per cent lower.
Earlier in Asia, markets also felt the brunt of the CrowdStrike glitch, after already being weighed by concerns on China's economy.
Hong Kong's Hang Seng index fell 2 per cent, while Tokyo's Nikkei declined 0.2 per cent. The Shanghai Composite, however, bucked the trend, as it eked out a 0.2 per cent gain at the close.
Companies whose operations were disrupted were also dragged down.
In aviation, the long queues that frustrated travellers at US airports initially hit airline stocks, but they were able to recover gradually. Shares in United Airlines and Delta Air Lines climbed 3.3 per cent and 1.2 per cent, respectively, after order was restored.
Healthcare stocks were not hit hard, but as an industry, they continue to be felt. Pharmacies, for instance, remain troubled in performing essential tasks, the vice chairman of the UK's National Pharmacy Association said.
As of Saturday, pharmacies have had “continuous problems”, preventing them from downloading new prescriptions, Olivier Picard told BBC Breakfast.
“Most pharmacies will have an office or computer-based system rather than online. That's not all, but that's the majority of pharmacies, so we were able to continue working with what we already had.”
Is this an opportunity for CrowdStrike's rivals?
Unsurprisingly, CrowdStrike was the hardest hit.
The company immediately suffered, with its shares plunging about 20 per cent in pre-market trading on Friday, as the chaos unfolded, wiping about $16 billion off its market capitalisation.
Its stock price eventually settled down more than 11 per cent at the closing bell, as its market cap stood at more than $74.2 billion.
Meanwhile, Microsoft, whose systems were the main gateway for the disruption, closed down at 0.7 per cent.
The entire drama has opened up opportunities for CrowdStrike's rivals, as businesses and investors look to other cybersecurity companies, highlighting the risks of being dependent on one company.
Fellow US companies SentinelOne and Palo Alto Networks rose 8 per cent and 2 per cent, respectively.
Even Tesla Motors chief executive and X owner Elon Musk said: “We just deleted CrowdStrike from all our systems.”
Still, some analysts believe that CrowdStrike's debacle may not be cause for alarm, noting how the company handled the situation and its trustworthiness.
“Outages happen and the scale here is meaningful, but we think diligent hand-holding and efficient response from CrowdStrike will be helpful,” analysts at JP Morgan said on Friday.
Efforts to restore full order “will be continuing”, CrowdStrike said in its latest update on its website.
“We are committed to identifying any foundational or workflow improvements that we can make to strengthen our process.”
