It's been over a month and a half since news of the SolarWinds hack started to spread, and the story continues to unfold. Just two weeks ago, a fourth strain of malware was discovered.
While there appears to be much that we don’t know, there are a few familiar themes from this hack that have once again been proven true, and they apply to networks of all sizes.
No solution can stop every threat
SolarWinds was targeted specifically because it is a popular and reputable networking solutions provider. Large companies like SolarWinds can benefit from economies of scale in two relevant ways: they can offer their solutions at competitively low prices and they can purchase enterprise-level security solutions that smaller businesses typically can't afford. But as we've seen, that does not make them immune to attacks.
Every connection presents a risk
The internet is an endless network of two-way streets. Every website visited, every email opened, and every file downloaded presents an opportunity for exploitation. As a managed services provider, we can only promise that we will take every reasonable and practical step to secure your network while maintaining your productivity, but we cannot guarantee a risk-free environment. This is why we recommend cyber security insurance to our clients in addition to the preventative services we offer.
You may already be compromised
SolarWinds was compromised months before the breach was first discovered. If it sounds overly dramatic to say you may have already been hacked, please understand we don’t want to motivate you to make quick, fear-based decisions. Instead, we hope you will take a deep breath and understand this is an important possibility to consider. Supposing you have been compromised, can you say you’ve taken the necessary, available, and financially realistic steps to know if this is true and to what extent? Could you tell your stakeholders honestly that, if you were to discover today that a compromising agent has been lurking on your network for months, you couldn’t have reasonably known about it?
These are the questions we want to help you answer. Not every solution is reasonable for every budget. But everyone can make a better effort toward securing their company data.
If you are looking for someone to guide you through this process, we’d love to talk with you about how to better secure your technology!