What the SolarWinds breach means to you
In the event you haven’t heard, what is arguably the largest cyber breach in US history was announced last weekend, and the fallout continues. Here is what we can share and how it impacts you.
For starters, we’ve been getting warnings for the past 2 years that hackers were targeting “honeypots” instead of just individual companies. In this context, a honeypot would be a data center where hundreds to thousands of servers are housed, and IT managed service providers (MSP) who have access to hundreds of client networks. SolarWinds falls into the MSP category, but they’re actually a software provider to MSPs. In other words, IT management companies utilize SolarWinds software to access and manage their client’s networks and servers. With over 18,000 clients, ranging from Fortune 500 companies to our largest government agencies, SolarWinds was one of the biggest in the industry. The level of sophistication of this attack is astonishing and points to one of two potential culprits – China or Russia. The verdict is still out, but early indicators point towards Russia. We don’t know, at least it’s not been made public, what the full extent of the breach has been. There are estimates it may have started as early as March. That means for several months these hackers may have had unfettered access to our nation’s critical networks, all of the emails, all of the files, etc. We’ll know more in time, but calling this, as many have, the cyber equivalent of Pearl Harbor is not an overstatement.
There are critical lessons here for all of us. Let’s take a look at them.
First, breaches are going to happen. Until we can eliminate human error, they’re inevitable. That said, catching the intrusion, stopping it before it fully executes, is possible. Accomplishing this requires companies large and small to increase their investment in security and deploy these next-generation tools.
Second, one of the greatest challenges we have is the implementation of effective risk management. Specifically, system log files need to be monitored on a consistent basis. For HIPAA compliance, it’s a requirement that you monitor your network logs and that you record you are doing so. Unless you have specifically asked your IT company to do this, it’s not being done. Unless you are doing it in your own software, it’s not being done. Breaches like this go undetected for months because people aren’t reviewing the necessary log files. Firewall logs, server logs, EHR logs, are just a few examples. That’s part of the problem, there are many log files to monitor, and most aren’t user friendly.
The third lesson we have learned is an ominous one. Due in large part to the level of sophistication of this attack, the recommended remedy is to scrape the drives clean and rebuild entire networks. Consider having to do that in your company. Format every hard drive, reset every network device, reinstall everything from scratch, and re-create your network. That’s exactly what the cybersecurity experts in our intelligence community are recommending, and it’s a monumental undertaking.
Make no mistake, this attack has done untold damage to our national security, and it may be years before we understand the full extent of the devastation. Equally important is the recognition that recovering from attacks that are this sophisticated and this prolonged, increases the recovery costs dramatically.
If you want to learn more about how you can protect yourself against the new wave of attacks, give us a call.
We’ll be back with our next reminder in January. We can’t wait to close the books on 2020!
Happy Holidays and thank you all for your support. May you all have health and happiness to start in 2021.
If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.
For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.