In December 2020, it was discovered that the networking software company SolarWinds had been hacked. This has already proven to be one of the largest cybersecurity attacks in history, with the supply chain compromise affecting telecommunications and Fortune 500 companies, multiple departments across the U.S. federal government, the military, and a yet-unknown number of other establishments. Unfortunately, most organizations have not been prepared to detect or deal with a threat of this magnitude.
So what now?
While the breach itself has shaken the cybersecurity world, the most important element now is the after-the-fact investigation, which could be ongoing for years to come. There is still much that cybersecurity experts do not know, and the extent of the damage will only become clear as time passes and investigations unfold. What we do know is that some footprints were erased, which makes tracing the events significantly more complex.
If your data has been compromised, we can recommend detailed ways to deal with this event. At the simplest level, make sure your system has remained accessible and, if necessary, triage data. Take time to do a deeper dive into items that were exploited or removed.
Even if your organization was not affected by the SolarWinds attack, now is a great time to ensure proper policies and procedures are in place and to take note of any activity that seems out of the ordinary. For example, atypical usage, such as an increase in data movement during off hours, should be questioned and addressed as a potential threat. Being mindful of secure practices and having standardized protocols in place will go a long way in ensuring your protection.
For help with reviewing your systems and establishing or updating protocols, please contact us.