Why the Cybercrime of the Century Is a Wake-Up Call for Businesses

A massive cyberespionage operation targeting the U.S. government is a brutal reminder of how dangerous the world can be for anyone operating online today. All organizations need a strong cybersecurity culture to protect themselves and every business they touch. The consequences of lax cybersecurity are unacceptably high.

What Happened

More than 250 U.S. government agencies and businesses have been compromised by an extensive hacking operation that is being blamed on malicious parties backed by Russia’s Foreign Intelligence Service, according to The Washington Post. The espionage operation has compromised departments such as Treasury and Commerce. The ultimate purpose of the operation remains unclear, but we know its scale is immense.

As reported by cybersecurity firm FireEye, hackers compromised government operations through the update server of a network management system made by the firm SolarWinds. SolarWinds is an American company that develops software for businesses to help manage their networks, systems, and information technology infrastructure. The company’s clients include up to 330,000 organizations, including the U.S. government. The attack centered on the SolarWinds Orion information monitoring and management software. The hackers inserted malware in the Orion software, which spread to SolarWinds clients through an update. The hack probably began as early as March 2020.

As reported in The New York Times, by inserting the malware into the SolarWinds Orion update and using custom tools, the malicious parties avoided tripping the alarms of the detection system that Homeland Security deployed across government agencies to catch known malware. As noted in eWEEK, “Customers compromised their systems unwittingly by following standard best practices — downloading and installing updates and patches based on their vendors’ recommendations.”

And we’re still bracing for the long-term consequences of the hack. Per The New York Times, “American officials are still trying to understand whether what the Russians pulled off was simply an espionage operation inside the systems of the American bureaucracy or something more sinister, inserting ‘backdoor’ access into government agencies, major corporations, the electric grid and laboratories developing and transporting new generations of nuclear weapons.”

A serious crime has been committed. Businesses need to take heed of its implications.

Lessons Learned So Far

A strong approach to cybersecurity works. Weak cybersecurity has catastrophic consequences.

The bad news: The New York Times reports that SolarWinds has had a history of lax security practices. According to The New York Times, “Even with its software installed throughout federal networks, employees said SolarWinds tacked on security only in 2017, under threat of penalty from a new European privacy law. Only then, employees say, did SolarWinds hire its first chief information officer and install a vice president of ‘security architecture.’”

In 2017, a security advisor warned SolarWinds that “the survival of the company depends on an internal commitment to security.” The advisor, Ian Thornton-Trump, told Bloomberg that he made several recommendations including appointing a head of cybersecurity. He terminated his relationship with the company after he concluded it was not committed to improving cybersecurity practices.

The good news: we know of at least one high-profile case in which a company’s cybersecurity practices worked in the wake of the SolarWinds hack. Microsoft reported that the SolarWinds hackers were able to view some of Microsoft’s source code. But the hackers were unable to modify code or get into its products and emails. That’s because Microsoft has in place a rapid-response protocol for detecting breaches and eradicating them, which served the company and its customers well. Yes, the hackers got access to the Microsoft network. But the attack was thwarted because Microsoft was ready.

What Businesses Should Do

The SolarWinds hack is a wake-up call for businesses everywhere to treat cybersecurity as an all-encompassing priority that permeates the entire business culture. For many businesses, cybersecurity remains an information technology issue only. This approach is wrong.

Cybersecurity is an issue for everyone in your organization to understand. For instance, the Finance team needs to understand why investing in cybersecurity isn’t a question of “How much does cybersecurity cost?” but rather “What’s at stake for our business if we don’t invest in protecting it?” All employees need to be educated on basic practices to thwart hackers who attempt to compromise businesses through malware. CEOs need to understand why cybersecurity must be part of their growth plans. For example, what voice does your cybersecurity chief have in your decision making? How well do you assess a company’s cybersecurity practices before you collaborate with them in growing your business?

Cybersecurity is the defining issue of our times. It’s high time businesses everywhere recognize this reality and act on it.

Investis Digital Can Help

Connect.ID, Investis Digital’s on-demand hosting platform, is built from the ground up with security and data protection by design. We provide a managed service with 24/7 support. Our cyber threat prevention system offers complete distributed denial of service (DDoS) protection and malicious traffic analysis and prevention, and it underpins every website we build. Combined with the atomized modular architecture of the Connect.ID content management system platform, we can deploy beautifully designed and highly performant websites in as little as two weeks from ideation to build.

Our recently published guide, How to Protect Your Website during COVID-19 Security Threats, discusses in more detail how hackers are taking advantage of the pandemic to threaten businesses in all industries. We also discuss some steps businesses should take to protect themselves. Because we’ve been helping businesses manage against these threats for years, we’re well prepared to protect our clients during the surge of cybersecurity attacks occurring during the pandemic. Download your copy here.
