You may not be aware, but there has been a new breach that is making waves in the world of business. SolarWinds is a company that makes network management and cybersecurity software. While you probably have not heard of them, they are a large and very well-respected company in the security space for enterprises and managed service providers, such as Sawyer Solutions. Full Disclosure: We use a number of SolarWinds products to support our customers. None of the tools we use is currently believed to be involved in the breach.
A Little About the Hack
While the investigation is ongoing, this is what is known so far: The bad guys, which is assumed to be a Russian government-affiliated hacking group, was able to breach one of SolarWinds flagship products they sell to enterprises and governments. This was accomplished by breaching a 3rd party piece of code that SolarWinds includes in their products, so they didn’t actually have to attack SolarWinds directly. This type of attack is called a “Supply Chain Attack”. The massive Target breach from several years ago was another example of a supply chain attack.Once the compromised code was in place, the hackers had free rein on affected networks for an estimated 8 or more months. This attack was discovered by FireEye, which is one of the top cybersecurity firms in the world. They had a data breach, which they were able to trace back to this attack. Currently, the full extent of entities that were compromised is not known, but there are already several government agencies that have reported intrusions.
That’s Great, But How Does This Affect Me?
While it is extremely unlikely that you will become the target of a government level attack, they are not the only actors out there. There are plenty of people in other parts of the world that are looking to break into systems to reap some financial reward. Additionally, even if you are not directly targeted, someone in your supply chain may get breached. Perhaps the company that writes the software you use to manage your business becomes a target. Maybe the MSP where you outsource your IT gets breached. The fact of the matter is, you need to assume it’s a matter of when your business has a breach, not if.
Due Diligence
With the rise of the data breach reporting laws around the country, it has become even more imperative that you do the things that a “reasonable” business would do. These are things like regular risk analyses, strong and paid antivirus, keeping your computers up to date, backing up your data, and more.Doing these things won’t guarantee that you are safe from data breaches, but if you have one, then you are in a much better place with the inevitable lawsuits arrive. At Sawyer Solutions, we take security very seriously. All these strategies mentioned are things we engage in with clients regularly. We can help your business accomplish them as well. Not sure what your business needs? Contact us for a free consultation and see how we can help you set your business up for success!