Check, please!
IT Brew // Morning Brew // Update
Who pays for the CrowdStrike outage?
August 05, 2024


It’s Monday! Black Hat USA began on Saturday—if you’re in Vegas for the event and forgot to bring cash, hey, maybe someone will show you how to hack an ATM.

In today’s edition:

Fast crash, slow cash

Standards deviation

Chevron again, off again

—Tom McKay, Eoin Higgins, Billy Hurley, Patrick Lucas Austin

IT STRATEGY

Damage control


Massive airline interruptions, blue screens of death in Times Square, and widespread service outages at businesses—the glitch from enterprise security firm CrowdStrike that crashed countless millions of machines beginning on July 19 has likely run up a staggering bill in direct and indirect costs.

But while CrowdStrike identified the root cause as a bug in a quality control system within hours—and it claims the vast majority of client machines are now back online—the timeline for determining who pays for damages is likely to run months or years.

A hazy timeline

Taz Koujalgi, a managing director of equity research at Wedbush Securities who specializes in the enterprise software sector, told IT Brew the outage was “way wider than anything we have seen,” with total losses, though unknown exactly, in the billions of dollars.

“I don’t think anyone has a good answer on the number, and who’s going to pay for that number,” Koujalgi said.

Read the rest here.—TM

   


IT OPERATIONS

Ruling party


It’s not every day you hear industry experts calling for more government intervention, but when it comes to tech policy, some experts are asking for clearer guidelines.

“Regulations need to have actual consequences behind them for people to make these changes to technology,” software developer and technologist Thomas Haver told IT Brew.

Haver added that putting regulations in place can help with data privacy and security. He likened the rules to those in other industries, like air travel: You don’t want the airlines to ignore the guidelines in place for customer safety. It’s a similar situation for cybersecurity, or any sector that deals with people’s information and safety—and the ramifications of ignoring the guidance need to be sufficient to discourage bad behavior.

Choppy waters. There are some hurdles in front of such an effort. The Supreme Court’s decision in June overturning the precedent known as Chevron deference, which limits government agencies’ ability to regulate industry, is already handcuffing the executive branch’s power. And, as Axios reported, the Corner Post ruling on July 1, which removed a six-year statute of limitations on challenging agency actions, makes things even harder because it “effectively removed an existing six-year limit on the right of affected parties to challenge regulations.”

Read more here.—EH

   

IT OPERATIONS

Yes, Chev!


In 2003, when Congress passed the CAN-SPAM Act to address unwanted electronic messages and to ensure that email senders do not mislead recipients, Dennis Dayman, CISO at Code42 (acquired by Mimecast), felt at the time that some of the language was unclear.

“Is a sender an email service provider? Or is the sender you or I? Is a sender a corporation that might be sending out certain messages that may not be related to marketing? And so we actually had to go back to the Federal Trade Commission, who is the authority in this, and say, ‘Hey, we need to get clarification,’” Dayman told IT Brew.

The FTC-enforced CAN-SPAM Act ultimately defined “sender” as “a person who initiates [a commercial electronic mail] message and whose product, service, or internet website is advertised or promoted by the message.”

In late June, in a 6–3 vote, the Supreme Court overturned a legal precedent that favored agency expertise and authority when courts face unclear congressional laws. The reversal of the so-called Chevron doctrine, established in 1984, means that “courts may not defer to an agency interpretation of the law simply because a statute is ambiguous,” according to the majority opinion written by Justice Roberts.

We asked legal experts and IT pros: What are the IT consequences of Chevron’s overruling?

Aaron Rose, security architect manager and vertical solutions for the office of the CTO at Check Point Software: One could say that we’re adding another layer of complexity here, because instead of just going to the agencies who are going to write the rules, and then enforcing them, we now have to have Congress write the laws so that the courts can interpret them—but Congress and the courts both are going to have to rely on those agencies for their domain expertise.

Keep reading here.—BH

   


PATCH NOTES


Today’s top IT reads.

Stat: $4.88 million. That’s the average cost of a data breach in 2024, according to IBM’s latest report. Last year’s average: $4.45 million. (SecurityWeek)

Quote: “When was the last time you heard of a big outage at Apple?”—Delta Air Lines CEO Ed Bastian, in an interview with CNBC, as he considered the airline’s relationship with Microsoft and CrowdStrike following July’s IT disruption (The Verge)

Read: What to expect (to be hacked) at Black Hat this week. (PCMag/SC Media)



Copyright © 2024 Morning Brew. All rights reserved.
22 W 19th St, 4th Floor, New York, NY 10011
