“Today was not a security or cyber incident. Our customers remain fully protected. We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption,” Kurtz’s latest statement, which CrowdStrike emailed to 404 Media, reads.
Just a note that this is the very definition of a “security or cyber incident”. It is a Denial of Service (DoS), even though it is an own-goal on Crowdstrike’s part. There’s the concept of the CIA Triad – Confidentiality, Integrity & Availability – and CS broke down on the third leg of the stool.
The idea that “customers remain fully protected” when they cannot do business is the antithesis of security. It’s the equivalent of encasing Windows machines in concrete and sinking them to the bottom of the ocean – what’s the point?