Most cyberattacks can be prevented by taking a few simple precautions.

We live in a world of clickbait and algorithms that favor the most extreme titles, opinions and content. Add in the real challenges individuals and corporations faced over the last 12 months, and we may be tempted to ignore certain big stories in the news. But sometimes a “chicken little” headline is warranted. The SolarWinds breach is one of those stories. But first, here’s a little background.

What we know about the SolarWinds breach

SolarWinds is an Austin-based network monitoring software provider. In addition to many private sector organizations around the world, certain departments in the U.S. federal government are among its clients. So, you can see how a breach in its defenses would be cause for considerable alarm.

The infiltration was first reported on December 13, 2020. So, by now, most of you are likely familiar with the breach. If, however, you aren’t, you can find more information and the latest updates here. In the days and weeks that followed the initial announcement, the public and customers discovered even more troubling details:

  • SolarWinds was the victim of a breach of its systems, which allowed attackers to carry out a supply chain attack through SolarWinds software.
  • SolarWinds was compromised for months, affecting over 18,000 businesses.
  • Microsoft, along with many Fortune 50 companies, was among those affected.
  • Over 3,000 email accounts at the U.S. Department of Defense were affected.
  • Advanced hacking tools were stolen from a top cybersecurity firm, FireEye.

What is a supply chain attack?

A supply chain attack is used by threat actors and adversaries to abuse existing, trusted software installations to deploy advanced malware, ransomware or extortionware. Attackers identify opportunities to breach software or service providers and embed malware or other malicious tools into that provider's software. The software is then deployed or used by companies across the world. Through this attack, threat actors are able to embed their malware into trusted system or application updates, which are then installed on customers' systems, giving the attackers access to those customers' systems and networks.
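The trust relationship described above can be made concrete with a small verification model. The Go program below is an added example written for this page; it is not SolarWinds code and does not reproduce the mechanics of the real incident. A vendor signs release manifests with Ed25519 and a customer verifies them; a third scenario shows why signature checks alone cannot catch a build that was trojanized inside the vendor's pipeline before signing, and how a second, independent attestation from a party that rebuilt the release from source closes that gap. The manifest format, the sample payload and the "independent rebuilder" role are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Manifest is what a publisher ships alongside an update: the artifact's
// SHA-256 digest and an Ed25519 signature over that digest.
// Constructed for this example; it is not any real vendor's format.
type Manifest struct {
	Version string
	Digest  []byte
	Sig     []byte
}

// Signer holds a publisher's key pair (the vendor or an independent rebuilder).
type Signer struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func newSigner() Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Signer{Pub: pub, priv: priv}
}

// sign hashes an artifact and signs the digest, producing a release manifest.
func (s Signer) sign(version string, artifact []byte) Manifest {
	d := sha256.Sum256(artifact)
	return Manifest{Version: version, Digest: d[:], Sig: ed25519.Sign(s.priv, d[:])}
}

// verifyUpdate is the customer-side check: recompute the digest, confirm it
// matches the manifest, and confirm the publisher signed that digest.
func verifyUpdate(pub ed25519.PublicKey, m Manifest, artifact []byte) bool {
	d := sha256.Sum256(artifact)
	if !bytes.Equal(d[:], m.Digest) {
		return false
	}
	return ed25519.Verify(pub, m.Digest, m.Sig)
}

// verifyWithRebuilder requires two independent attestations for the same bytes:
// the vendor's manifest and one from a party that rebuilt the release from
// source (the reproducible-builds pattern, assumed here as the mitigation).
func verifyWithRebuilder(vendorPub, rebuilderPub ed25519.PublicKey, vendorM, rebuilderM Manifest, artifact []byte) bool {
	return verifyUpdate(vendorPub, vendorM, artifact) && verifyUpdate(rebuilderPub, rebuilderM, artifact)
}

// Constructed sample payload; no real software is involved.
var cleanBuild = []byte("monitoring-agent 1.0 (constructed sample artifact)")

// trojanize returns a copy of the artifact with extra bytes appended.
func trojanize(b []byte) []byte {
	out := append([]byte{}, b...)
	return append(out, []byte(" +injected-code")...)
}

// ScenarioCleanUpdate: honest vendor, untampered artifact. Expected: true.
func ScenarioCleanUpdate() bool {
	vendor := newSigner()
	return verifyUpdate(vendor.Pub, vendor.sign("1.0", cleanBuild), cleanBuild)
}

// ScenarioTamperedInTransit: artifact altered after signing. Expected: false,
// because the recomputed digest no longer matches the signed one.
func ScenarioTamperedInTransit() bool {
	vendor := newSigner()
	m := vendor.sign("1.0", cleanBuild)
	return verifyUpdate(vendor.Pub, m, trojanize(cleanBuild))
}

// ScenarioBuildCompromise models the supply chain case described in the post:
// the artifact is altered inside the vendor's pipeline, so the vendor's own key
// signs the trojanized build. Returns (vendorOnlyPassed, dualAttestationPassed).
func ScenarioBuildCompromise() (bool, bool) {
	vendor, rebuilder := newSigner(), newSigner()
	trojanized := trojanize(cleanBuild)
	vendorM := vendor.sign("1.0", trojanized)       // genuine signature over a bad build
	rebuilderM := rebuilder.sign("1.0", cleanBuild) // digest from an independent source build
	vendorOnly := verifyUpdate(vendor.Pub, vendorM, trojanized)
	dual := verifyWithRebuilder(vendor.Pub, rebuilder.Pub, vendorM, rebuilderM, trojanized)
	return vendorOnly, dual
}

func main() {
	fmt.Println("clean update verifies:", ScenarioCleanUpdate())
	fmt.Println("in-transit tamper verifies:", ScenarioTamperedInTransit())
	vendorOnly, dual := ScenarioBuildCompromise()
	fmt.Println("pipeline compromise, vendor signature only:", vendorOnly)
	fmt.Println("pipeline compromise, vendor + rebuilder:", dual)
}
```

Run it with `go run`. The first two scenarios behave as most people expect: a clean update passes and a file modified after signing fails. The third is the point of the paragraph: when the compromise happens upstream of the signing step, the customer receives a correctly signed, trojanized update and a signature-only check passes. Only a check that does not depend on the vendor's pipeline, here a second attestation from an independent rebuild, flags the discrepancy.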

The basics of preventing a breach

Data security continues to be a top concern for businesses around the world, and it should be. Evidence suggests that hackers are emboldened, and attacks are becoming increasingly sophisticated and more frequent. Last year, the FBI reportedly saw a significant increase in cybercrime due to COVID-19. VMware also released the results of its first cybersecurity threat survey. In it, ninety-two percent of survey respondents in the U.S. said the number of cyberattacks had increased in the last 12 months. A supplemental survey specifically found that a staggering 89 percent had been targeted by malware directly related to COVID-19.

But all hope isn’t lost. Most cyberattacks can be prevented by taking a few simple precautions:

Get the right endpoint protection

You’ve likely heard the saying “An ounce of prevention is worth a pound of cure.” Well, when it comes to preventing an attack that could have devastating implications for your brand reputation, the old adage is true. Let’s take a moment to examine the SolarWinds attack. In this case, the culprits specifically designed their infiltration code with a “kill switch” that avoided businesses and organizations secured by certain advanced endpoint protection software. So, if you were running top-tier protection software, such as CrowdStrike, SentinelOne and others, you likely weren’t impacted by the breach. This, of course, assumes the software was properly deployed and managed on those systems. On the other hand, if you had lower-tier antivirus or antimalware software, your organization may have been affected. While cost-conscious products are somewhat effective at preventing attacks, they are insufficient against hackers’ more sophisticated, well-thought-out and targeted infiltration plans.

Invest in a managed detection and response service

When it comes to thwarting sophisticated attacks, small-to-medium-sized businesses (SMBs) and even many mid-size enterprises (MSEs) often find themselves at a disadvantage. This is particularly true for those SMBs or MSEs with limited IT staff or financial resources. Advanced protection software and the training needed to manage it effectively can be costly and out of reach for businesses already struggling to stay afloat amid pandemic-induced economic challenges. So, what’s the alternative? Managed detection and response (MDR) services can provide a more cost-effective, individualized approach to securing an otherwise vulnerable business infrastructure across the entire supply chain.


The SolarWinds attackers may be just getting started

At the beginning of this blog, I said that sometimes a “chicken little” headline is warranted, and in the case of the SolarWinds breach, I think it is. Here’s why. Because this was a supply chain attack, affecting thousands of government agencies and businesses, we still don’t know the full extent or reach of the damage the perpetrators caused.

The attackers allowed the malware to lie idle for nearly 9 months to see if anyone or any system detected it. When no one and nothing did, they executed it. But here’s what you may not have known. The only reason the attackers were discovered is that they intentionally decided to target a well-known cybersecurity company, one whose tools would give them the capability to orchestrate even more sophisticated attacks in the future. That’s what’s most concerning to me, and it should be for you, too. It may not be over, and, in fact, it likely isn’t.

While the cybersecurity solutions and tools available to businesses large and small are not revolutionary, many are proven and effective. The best defense is good planning and situational awareness, so before a breach or attack occurs, make sure you’re taking the appropriate steps to minimize your vulnerabilities and protect your business, reputation and customers.

About Tom 

Tom Callahan has spent more than 15 years in information technology and security, focusing on areas like cloud services, cybersecurity, infrastructure and operations. His background also includes business IT restructuring and retooling to support ongoing changes throughout information technology and security.

Tom joined PDI through its December 2020 acquisition of ControlScan Managed Security Services. He holds a B.S. in Information Technology from Towson University. He’s also a Red Hat Certified Engineer (RHCE), Certified ScrumMaster and an active member of the Mid-Atlantic CIO Forum. Find Tom on LinkedIn and Twitter.
