At the 2024 DEF CON hacking trade show, CrowdStrike found itself in the spotlight for all the wrong reasons. The global security firm was awarded the “Most Epic Fail” at the Pwnie Awards, a long-standing tradition at DEF CON and Black Hat security conferences that highlights both exceptional and disastrous moments in information security. This year, CrowdStrike earned the dubious honor due to a catastrophic update to its Falcon Sensor security tool, which caused Windows machines around the world to crash and become unbootable.
In a surprising turn of events, rather than shying away from the embarrassment, CrowdStrike’s president, Michael Sentonas, showed up in person to accept the award. This move was unusual, as past winners of this ignominious accolade—companies like Microsoft, the TSA, and Bloomberg—have typically opted to stay far away from the spotlight. Sentonas, however, took the stage at DEF CON and acknowledged the gravity of the mistake, stating that it was “definitely not the award to be proud of receiving.”
The Pwnie Awards, known for their categories like “best desktop bug” and “lamest vendor response,” made a point of emphasizing the scale of CrowdStrike’s error by placing the usual pony statue atop a much larger trophy. Sentonas, with a sense of humor and humility, remarked that accepting the award was important, as it symbolized owning up to the massive failure.
The faulty update that led to the award caused havoc across global IT infrastructures, with millions of Windows machines affected. IT teams worldwide were forced to manually repair systems, a process that could have been avoided with better quality control measures. Sentonas’s decision to accept the trophy in person, and his plan to display it at the company’s Texas headquarters, serves as a stark reminder to all employees of the importance of vigilance and accountability in cybersecurity. While it may not be a moment to be proud of, CrowdStrike’s willingness to “own it” might be a step towards restoring trust in the company.