Hackers had been working overtime in 2020, and they decided to end the year with a bang. Not long after major security firm FireEye announced hackers had infiltrated them, the relatively unknown business SolarWinds found itself in the middle of a global attack against the U.S. government.
How SolarWinds Became the Center of Global Attack
If you’ve never heard of the company SolarWinds before, you’re not alone. The Austin-based company is not a well-known entity. And that is partly why Russian hackers turned it into a target.
Despite its obscure profile, SolarWinds provides software that manages devices for over 300,000 customers worldwide. Those customers include U.S. agencies and many Fortune 500 companies. Hacking a company like SolarWinds is much easier than infiltrating a U.S. government agency.
Dmitri Alperovitch, co-founder and former CTO of the cybersecurity firm CrowdStrike, told NBC News:
It’s a company that’s got remote access to hundreds of thousands of organizations around the world, including some of the biggest companies and the most critical government agencies. And by simply compromising them, you immediately open up the door to all these targets.
SolarWinds released a statement saying it was the victim of a “highly-sophisticated, targeted . . . attack by a nation-state.”
Those sentiments were echoed by FireEye last week, leading experts to deduce that both companies were targeted in a wide-scale attack by Russian hackers.
How Small Businesses Are Affected
While most small businesses don’t operate on a FireEye or SolarWinds scale, that doesn’t mean they aren’t affected. After all, these companies’ clients now have to worry about protecting themselves.
John Scott-Railton, a senior researcher at Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy, told The Washington Post:
This is a big deal, and given what we now know about where breaches happened, I’m expecting the scope to grow as more logs are reviewed. When an aggressive group like this gets an open sesame to many desirable systems, they are going to use it widely.
Ways Small Businesses Can Bolster Their Security
Hopefully, a nation-state of Russian hacking experts doesn’t have your business in their sights.
But regardless of who may have their eye on your company, there are small steps you can take to raise your level of security.
First, if you’re a customer of either of the aforementioned businesses, be sure to visit FireEye’s GitHub site to download the countermeasures to its breach.
Next, you can utilize various services to determine whether or not any accounts have actually been hacked.
If your office utilizes the same software company-wide, such as Microsoft Outlook or Office, take the proper steps to ensure those programs’ security.
The first line of defense is often a strong password for business-related accounts. There are a surprising amount of mistakes people make when trying to create a strong password. Any accounts containing sensitive material should require varied passwords containing at least 16 characters.
Check out this video on strong passwords:
Likewise, any sensitive accounts should enlist the added layer of protection accessed using 2-factor authentication (2FA).
And the most proactive step any small business with sensitive information can take is to hire a team of experts to look out for them.
Featured image by BalkansCat from Shutterstock.