The SolarWinds attack has shaken the technology and cybersecurity spheres to their core, compromising the security of both private businesses and the US government alike. This wide-reaching attack has brought the issue of poor cybersecurity within the US government to the foreground after years of insufficient action.
This devastating attack, the full extent of which is still unknown, does offer a silver lining: demonstrating the importance of good cybersecurity.
Remote Work Brings With it Increased Cybercrime
Remote work has come hand in hand with an increase in cybercrime as organizations adapt to employees logging on from less-secure home networks populated with various IoT and other devices, creating multiple unsecured or insufficiently secured entry points onto the network. Cybercriminals are taking advantage of these vulnerable entry points to access private data and critical systems and shifting tactics to better take advantage of unsuspecting victims as the pandemic rages on.
Lessons From the SolarWinds Attack
First discovered by the cybersecurity company FireEye in December of 2020, the SolarWinds attack allowed nation-state attackers (believed to be affiliated with the Russian government) to push malicious updates to a popular network monitoring product. This attack also created a backdoor in affected systems, providing attackers with ongoing access to inject more malware.
This incident has demonstrated the power of supply chain attacks (when malicious actors infiltrate networks via an outside partner or provider with access to a company’s systems and data) and highlighted the unfortunate reality that many organizations remain unprepared to detect, prevent, and address such attacks.
Cybersecurity Shifts From a Want to a Need
The biggest lesson to learn from the SolarWinds attack is that having a robust cybersecurity posture is no longer just a nice-to-have. Remote work has also made many organizations particularly vulnerable to attacks like the one perpetrated against SolarWinds as companies grapple with keeping remote workers secure.
What Should I Do? Cybersecurity Basics to Get You Started
Creating cybersecurity policies to safeguard your digital assets may be daunting, but there are a few basic steps every organization needs to take:
Create a Cybersecurity Incident Response Program
We’ve created a comprehensive guide to help your organization craft a robust yet flexible cybersecurity response program. It involves laying the groundwork by collecting critical documents, allocating resources, conducting risk assessments, and training your employees how to identify and respond to potential threats. Having a plan ahead of time is crucial since cyberattacks tend to unfold quickly, and ad hoc responses and decision-making processes are rarely sufficient to prevent or minimize damage.
Keep Your Software Up to Date
Making sure your software is kept up to date, and that outdated and unused programs are removed from your systems is one of the easiest things you can do to improve your cybersecurity posture. When software companies discover flaws or vulnerabilities in their products, they address them by issuing patches (snippets of code that correct the issue). However, you can only take advantage of these fixes if you download the patches.
Recently patched software is a common target for cybercriminals since not all users are vigilant enough to download the patch as soon as it becomes available. This means that cybercriminals often target recently patched software in an attempt to gain access to private or sensitive information.
You should also remove any unused or out-of-date programs from your systems, particularly if the software is no longer maintained. Software that is no longer being maintained may contain unpatched vulnerabilities or flaws, leaving your entire network vulnerable. Unused programs may contain vulnerabilities that leave your network exposed, but because these programs aren’t being opened and used regularly, your team may not discover these issues until they have already been used against you.
Remove Permissions as Part of Your Offboarding Process
While most organizations have fairly robust onboarding processes, many don’t put nearly as much time and effort into creating equally comprehensive offboarding processes. To help safeguard your network, make sure that all accounts of former employees are removed so that these login credentials cannot be used.
Even if your former employees don’t plan to access their old accounts, these unmonitored logins present a tempting possible entry point for cybercriminals. Old accounts are particularly useful to cybercriminals because no authorized users are monitoring them regularly, which means the criminal’s actions are less likely to be detected.
Stay Up to Date on Threats
You can’t defend yourself against a threat you don’t know to look for. Make sure your team is keeping up to date on the latest and most common cybersecurity threats.
Common threats include:
Review Your Current Protocols Regularly
Once you have laid the groundwork, you need to look for potential threats, investigate them thoroughly, and take remediation steps. Once a threat has been dealt with, you should take the time to evaluate how effective your response was so any shortfalls can be addressed promptly.
Even if you don’t experience an attack, your team should still be regularly auditing your current protocols and procedures to ensure they are up to date and continue to meet your needs. You may also want to consider conducting a pen (penetration) test, which involves hiring an ethical hacker to stress-test your defenses and look for vulnerabilities. Once the test is complete, your hired hacker shares their findings with your team, detailing which vulnerabilities they were able to exploit and how, and offers their professional advice for addressing these security shortcomings. These tests allow you to identify and address issues before cybercriminals can exploit them.
Invest in Employee Training
In many instances, your employees are your first line of defense. Training your employees to identify suspicious activities and ensure they know who to report their suspicions to is a critical component of any cybersecurity posture. All new hires should undergo extensive cybersecurity training, and all team members should undergo refresher training regularly.
To help your employees put their new knowledge and skills to the test, you may also want to consider running tabletop exercises. Like fire drills, tabletop exercises present your team with a hypothetical scenario which they need to address. This approach allows your team to practice their skills in a no-stakes environment and test if your current cybersecurity posture and protocols are meeting your needs. Once the exercise is complete, your team sits down to discuss what went well and what did not so that these shortcomings can be addressed as soon as possible.
How VirtualArmour Can Help
Safeguarding your digital assets is critical, but many organizations find this task daunting. That is why the experts at VirtualArmour are here to help. Our team can help you audit your current posture for vulnerabilities and create a robust plan to address these security shortcomings. We offer a wide selection of managed and professional services, including:
- Endpoint detection and response
- Managed infrastructure and firewall
- SIEM health check
- Managed SIEM
- Firewall migrations and policy design
- Operations center support
- Vulnerability scanning
- Security compliance
- Remote access VPN
To learn more about the steps your organization needs to be taking to safeguard your digital assets or to start improving your cybersecurity posture, please contact us today.
I’ve Been Hacked! What Should I Do?
If you have experienced a cybersecurity incident please contact our team right away to find out what steps you need to take to minimize damage and prevent future attacks.
Learn more about cybersecurity, the steps you need to take, and the threats that are out there with these select articles from the VirtualArmour blog.