A recent and significant data breach affected government agencies as well as clients associated with various companies using security software developed by SolarWinds. Nearly all Fortune 500 companies were affected by the event known as the “SolarWinds hack.” While the perpetrators of the SolarWinds hack focused on high value targets, the resulting impacts and evolving cybersecurity changes will impact a surprising number of industries.
Mechanics of the SolarWinds Hack
SolarWinds develops a security software called Orion. The method of the attack involved embedding malware into standard software upgrades run at the organization-wide level. All users within the organization would undergo the software update, allowing the perpetrators wide-scale access to the infected organization’s network and data.
Once the breach was detected, companies had to scramble to update security protocol and begin to analyze the extent of the data extracted. The private security firm FireEye detected the breach and noted that a supply chain attack of this variety is a calculated endeavor that requires vast financial resources as well as technical expertise. It was confirmed that Russian Intelligence prompted the data gathering scheme and that the systems of nearly 18,000 private and government users installed the tainted updates.
What We Need to Learn
Methodology is Changing
Updating systems regularly helps ensure overall system stability. The SolarWinds hack demonstrates that hackers are becoming more aware of the protective measures organizations take to secure their networks and using those system stabilizing protocols as potential unauthorized entry points into the system.
The worry now is that new techniques are being developed to covertly enter systems without detection. We are still learning about the scope of the SolarWinds hack since the breach went undetected for a month-long period. Investigators say they believe that Russian hackers used multiple entry points in addition to the Orion update. The Orion updates were not automatic. They were also reviewed to ensure known threats were patched correctly so that the updates would not compromise systems.
Cyber Criminals Are Not Lone Actors
Another key point of concern with this particular event is the sophistication of the breach. Future cyber events may also be organized or even be foreign-state-controlled pursuits for high value assets.
Future Cyber Events May Be Even More Costly
Hacks that infiltrate multiple servers are expensive events. Following a hack, organizations need security updates to re-restrict network access. The more compromised servers, the greater the need for new security and protocol.
What You Can Do
A cybersecurity risk assessment will help you understand if you have existing vulnerabilities within your networks. Ongoing cybersecurity monitoring and improvements should become part of a plan to confront possible intrusion and malicious attacks.
The more that is revealed about the SolarWinds breach or new cyber vulnerabilities changing, the better prepared we can be. Developing IT assurances in your organization should be a priority, especially if you have to leverage technology during periods of business disruption. The more remote work devices in the picture, the more opportunities for malicious actors.
For more information about how to improve your cybersecurity protocol, contact us.
Copyright © 2021, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.
CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of publicly-traded and privately-held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).