Business leaders and the American public are only beginning to understand the magnitude of the Russian attack via SolarWinds, the hack that penetrated multiple systems of the U.S. Government, as well as several private-sector companies, including Microsoft.
Microsoft reports that it found no evidence of the hackers accessing live services or customer data or using its systems to attack others. Yet, the breach will undoubtedly require a long and involved investigation and result in significant financial consequences for Microsoft. The worst part is this SolarWinds cyberattack is not an isolated incident. Microsoft said it “delivered over 13,000 notifications to customers attached by nation states over the past two years and [has] observed a rapid increase in sophistication and operational security capabilities.” The SolarWinds breach is consistent with the attacks that Microsoft has observed.
This monumental cyberattack underscores the need for companies and organizations – of all types and sizes – to carefully examine their cybersecurity defenses. The immediate challenge for CIOs and CISOs is to assess their technology vendors and reinforce networks and systems prone to compromise. Vulnerabilities still lurk in the third-party vendor supply chain. Organizations need to fortify their security posture by examining their current controls, diversity of those controls, diversity of their security providers, and most importantly, they need to examine their internal cyber security awareness training program(s).
Earlier this month, TechCrunch weighed in on the Russian cyberattack implications: “Organizations focusing on defense in-depth, and defending forward, will be in a more resilient position.” The analysis suggests that companies should not place all their faith in a single security provider, but instead, implement layered controls with contingencies that address all probable and likely scenarios.
Defending against malicious attacks from bad actors is only one factor in security vulnerability. Studies show that up to 90% of cyber data breaches in 2019 were caused by unintentional human error. In this regard, security awareness training solutions that address specific roles within the organization and focus on how the employees’ role as the last line of defense against cyberattacks is crucial can go a long way in “defending forward” and mitigating risk.
Read the full TechCrunch article, “After the FireEye and SolarWinds breaches, what’s your failsafe?“ for more insights on how businesses can respond.