CrowdStrike's reputation has taken a beating after last month’s massive IT outage. But rather than duck the ridicule, the cybersecurity company decided to "own" the mistake this past weekend by accepting a cybersecurity humiliation award for "most epic fail."
At the DEF CON hacking show, the annual Pwnie Awards recognize achievements and major blunders in the cybersecurity industry. Past "winners" of the Most Epic Fail award include Microsoft, the TSA, and Twitter. This year, there was no question that CrowdStrike would receive the notorious title after the company accidentally distributed a faulty security update that bricked millions of Windows PCs and servers.
Although CrowdStrike could have easily ignored the award, CrowdStrike President Michael Sentonas accepted it in person, which elicited applause from an audience made up of other cybersecurity professionals.
Sentonas said it was important he accept the award so that CrowdStrike could “own” its mistakes. “Definitely not the award to be proud of receiving,” he told the audience. “I think the team was surprised when I said straight away that I would come and get it because we got this horribly wrong. We’ve said that a number of different times. And it’s super important to own it.”
He said he will prominently display the trophy he received at CrowdStrike’s headquarters in Texas “because I want every CrowdStriker who comes to work to see it.”
“Our goal is to protect people, and we got this wrong,” Sentonas said. “And I want to make sure everyone understands these things can’t happen, and that’s what this community is about.”
The gesture received praise from other cybersecurity workers since it's rare for a company to accept the Most Epic Fail award from the Pwnies. Still, CrowdStrike faces a long road to repairing its reputation. A pair of class-action lawsuits have already been filed against the company, demanding it pay damages for causing last month’s outage. In addition, Delta Air Lines—which was forced to cancel thousands of flights due to the disruption—is also considering a lawsuit against CrowdStrike and Microsoft.