The combination of too few backups and a heavy reliance on software testing means that we could be in for more outages like the one caused by a faulty CrowdStrike update on Friday

Senior Irish IT security figures say that another major outage is “highly likely” or “inevitable”, with too few IT backups among major players and a “leap of faith” in current quality control systems.

The warning comes as the world is still trying to recover from a global ‘blue screen of death’ outage that knocked out airlines, broadcasters, telecoms firms and some major health providers.

The meltdown was caused by a faulty content update from the IT security firm, CrowdStrike, to major global companies and organisations.

“In the current tech environment, another outage of this scale is highly likely to happen again,” said David Russell, CEO of Elio Networks.

One problem, he said, is that meaningful backups are still too scant in some major organisations.

But the prevalence of, and reliance on, software in big organisations is also an issue, said Richard Ford, chief technology officer of the cyber-security firm, Integrity360.

“Another outage is inevitable,” he said. “CrowdStrike is one of thousands of software vendors whose software works in a similar way. They have access to, and interact with, the internals of the operating system and the hardware. They need that to work. But they also need to be incredibly stable. There’s a leap of faith that the testing and quality control is not going to put them in the same situation as the CrowdStrike issue.”

In Dublin Airport on Monday morning, US flights — worst affected by the outage — had mostly returned to normal, with just a handful of delays departing and arriving.

In Ireland, services worst hit included Ryanair flights, Leap card top-ups and the NCT bookings, although the banking and health services remained relatively unaffected. In contrast, most of the UK’s GPs were hit by the outage, causing disarray for people’s health appointments.

The National Cyber Security Centre, which commented on the situation on Friday, was unavailable to comment on what had been affected in Ireland, overall, or what the government’s response was.

“It is possible for us to see a similar outage in the future,” said Brian Honan, founder and CEO of BH Consulting, a cyber security and compliance firm.

“We rely on the vendors of this software to have robust testing, quality assurance, and regression testing process and procedures in place. But this is not the first time we have seen an update to security software cause a problem to the underlying operating system. In the past, updates to McAfee and Sophos both caused outages. The NotPetya virus originated from a malicious change by Russian state sponsored actors to an accounting software package widely used within Ukrainian businesses and that caused severe disruption to the global economy.”

In a blog post over the weekend, Microsoft said that 8.5m Windows devices were affected by the CrowdStrike outage, which represents under 1pc of all Windows installations globally.

Mr Honan said that the effect, though, was disproportionate.

“Those 8.5 million devices were in large organisations who’s threat and risk profile meant they could afford to invest in CrowdStrike’s solution,” he said.

“So a major disruption to these organisations, for whatever reason, could have similar global impacts to our economies and lives. I have no doubt that malicious actors will be reviewing last Friday’s incident to determine how their future attacks may cause similar disruption.”

Meanwhile, the CEO of CrowdStrike, George Kurtz, has apologised for the outage.

“The outage was caused by a defect found in a Falcon content update for Windows hosts,” he said.

“Mac and Linux hosts are not impacted. This was not a cyberattack. We are working closely with impacted customers and partners to ensure that all systems are restored, so you can deliver the services your customers rely on.”

Reporting on:independent.ie