As someone who had to recover over 200 servers and help with 1500 desktops, I can say this was a huge and needless fiasco. This is not the first time CrowdStrike has done this and it’s not just limited to Windows systems. A few months ago they pood the screwch on Debian Linux systems. Same MO. Not enough testing.
Yours is a good analogy but I liken having marginal, basic security to using needle, ball, and airspeed to fly IFR. Can it be done? Yes. But what are your chances of a successful outcome? Better for some than others.
And I totally agree about 2FA. It’s a necessary PITA.