Transcript
00:00For more, we can cross to the U.S. and speak to Matt Guerin, a cybersecurity expert at
00:04I.T. consulting company WaveStone.
00:07Thank you so much for taking the time to speak with us today.
00:10Just first, your reaction to this mass outage.
00:12Are these kinds of incidents sort of to be expected, or in your opinion, is this something
00:17that should have been avoided?
00:18Well, actually, it's a massive one.
00:22It's definitely a massive one.
00:24Unfortunately, what happens here is not so surprising for cybersecurity and resilience
00:28experts.
00:29I mean, all companies are in the process of consolidating their information system around,
00:34you know, very powerful vendors, cloud platforms, operating systems, and here are even security
00:39companies.
00:40And so they're very good at what they're doing.
00:42But the day something happens, it can be a catastrophe because they're everywhere in
00:46all different companies.
00:48And for the non-tech savvy among us, can you explain kind of in very basic terms exactly
00:53what actually did happen?
00:55Yeah, sure.
00:56So basically, CrowdStrike is, as you said, is a vendor, it's called an EDR.
01:04That means endpoint detection and response.
01:06So basically, it's a modern antivirus component that is able to detect not only simple malware,
01:12but advanced malicious behavior.
01:14And in order to do that, they need to go very deep in the system and be quite intrusive
01:19by design.
01:21And so that's the problem.
01:22It can interfere sometimes with the operating system, with Windows, and lead to this kind
01:27of outage when there is a problem.
01:30And how do you fix this kind of outage?
01:32You know, Microsoft has said that it's been dealt with, that things are sort of returning
01:36to normal.
01:37But can you explain perhaps maybe what they did to fix it and how long that's going to
01:40take?
01:41Yeah.
01:42So the real problem here is that the workaround is manual.
01:45You have this, you know, blue screen of death.
01:47This is how you call it, like when you have this blue screen and you cannot do anything
01:51with your computer.
01:52And so it involves resolving it, involves booting up Windows machines into, you know,
01:58safe mode, finding a file, deleting it, and then rebooting it.
02:01So you cannot do anything remote.
02:03And that's the problem that they have here.
02:06So when you have 100,000 computers to reboot in your organization, I can tell you it takes
02:10a long, long time.
02:11You have to bring people on workstations.
02:15So this is actually very close in terms of impacts to, you know, the major cyber attack
02:19that we had in 2017 called NotPetya.
02:23It was exactly the same thing.
02:24You had to fix manually each single device on your network.
02:28So it can take days and weeks for some companies to recover.
02:33In this case, though, it was definitely not a cyber attack, right?
02:36I mean, they said that it was a mistake in the system.
02:40As an IT consultant, what would you recommend companies do to avoid these kinds of problems
02:45in the future?
02:50It's not an easy one for companies.
02:51This is what we call supply chain security in our industry.
02:57I would say here they need to try, companies need to try as much as possible to deploy
03:02staging updates instead of updating all their components all at once.
03:09They need to try, you know, to stage it and to maybe start by a few computers before deploying
03:13it everywhere to test it.
03:15The problem is that it's not always technically possible.
03:18So they need to talk to their vendors.
03:20They need to talk to their providers in order to make it possible.
03:24So that can be a big deal.
03:26But that's, I would say, this is what I would recommend to avoid this kind of situation.
03:31And do you think that this is something that we should be worried about, you know, in the
03:34future?
03:35Are we just going to have more and more of these incidents given how increasingly dependent
03:38we are on technology?
03:40Yeah.
03:41And on this consolidation, as I told you, yes, definitely.
03:45I think that's the number one priority.
03:47And it should probably be the number one priority of regulators all across the world, governments,
03:52to make sure that you control and that we regulate these kinds of companies and make
03:58sure that their security actually is secured enough.
