You may have heard about the recent SolarWinds breach that affected companies like FireEye, Microsoft, the U.S. Treasury, and many more. The Texas-based software company stated that over 18,000 of their clients were breached in some way, however, some more severely than others.
What is said to be one of the biggest hacks in U.S. history, this incident is suspected to have been carried out by Russia according to U.S. officials, however, this has not been yet confirmed.
The incident is classified as a supply-chain attack. A supply-chain attack happens when a cybercriminal targets less secure areas of an organization's supply network and seeks to cause damage. Similar to ransomware attacks, we will most definitely be seeing more supply-chain attacks in the near future.
There are a number of security vulnerabilities that SolarWinds had, some being weak passwords and oversharing sensitive information on their website such as their client list. What this did was let cybercriminals find access points and information which made the hack possible, and knowing that SolarWinds had such high profile clients, it was like hitting the jackpot.
What the cybercriminals did was infiltrate the Orion updates with malicious code which is software run by SolarWinds and which caters to businesses and governments in the incident of outages. The infected system then gave cybercriminals remote access to the sensitive data of thousands of organizations and their networks.
The breach went undetected for weeks before cybersecurity company FireEye noticed they suffered a breach. The impact of the breach was severe partly due to the fact that it took so long to discover, giving cybercriminals ample time to steal information.
First off, it’s always good to learn from others’ mistakes. In this case, we see the importance of having strong passwords for all systems, and having proper security in place to reduce vulnerabilities and points of entry from malicious actors. We also see how oversharing information online such as a client list may pin your business as a target.
Cyber risks are only increasing, so it’s crucial for you and your employees to stay up-to-date on safe cybersecurity practices.
If an event like this happens to your business it could be extremely costly, horrible for your reputation, and detrimental to your stock prices. For SolarWinds, this one incident costed them over $343 million which is 45% of their total revenue and that does not include the intangible and lasting costs of the breach. Alongside this, their stock prices dropped 25% since the news of the breach surfaced.
Prevention should always be your top priority. Most businesses couldn't survive a breach even half the size of the SolarWinds hack.
For an affordable and top-level solution, check out the protection plans we offer!
Click HERE to find out more!