After SolarWinds and FireEye Attacks – How Can You Avoid Hackers?
Hackers have been working overtime in 2020, and they decided to end the year with a bang. Not long after major security firm FireEye announced hackers had infiltrated them, the relatively unknown business SolarWinds found itself in the middle of a global attack against the U.S. government.
How SolarWinds Became the Center of Global Attack
If you’ve never heard of the company SolarWinds before, you’re not alone. The Austin-based company is not a well-known entity. And that, apparently, is partly why Russian hackers turned it into a target.
Despite its obscure profile, SolarWinds provides software that manages devices to over 300,000 customers around the world. Those customers include U.S. agencies and many Fortune 500 companies. It’s much easier to hack a company like SolarWinds than it is to infiltrate a U.S. government agency.
Dmitri Alperovitch, co-founder and former CTO of the cybersecurity firm CrowdStrike, told NBC News:
It’s a company that’s got remote access to hundreds of thousands of organizations around the world, including some of the biggest companies and the most critical government agencies. And by simply compromising them, you immediately open up the door to all these targets.
SolarWinds released a statement saying it was the victim of a “highly-sophisticated, targeted . . . attack by a nation-state.”
Those sentiments were echoed by FireEye last week, leading experts to deduce that both companies were targeted in a wide-scale attack by Russian hackers.
How Small Businesses Are Affected
While most small businesses don’t operate on the scale of a FireEye or SolarWinds, that doesn’t mean they aren’t affected. After all, each of these companies’ clients now has to worry about protecting themselves.
FireEye recently posted this tweet about the increased risk of cyber attacks:
Find out why insider threats could be on the rise in the coming months on our 'Eye on Security' episode with Monte Ratzlaff, Cyber Risk Program Director at the University of California Office of the President.
— FireEye (@FireEye) December 4, 2020
John Scott-Railton, a senior researcher at Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy, told The Washington Post:
This is a big deal, and given what we now know about where breaches happened, I’m expecting the scope to grow as more logs are reviewed. When an aggressive group like this gets an open sesame to many desirable systems, they are going to use it widely.
Ways Small Businesses Can Bolster Their Security
Hopefully, a nation-state of Russian hacking experts doesn’t have your business in their sights.
But regardless of who may have their eye on your company, there are small steps you can take to raise your level of security.
First, if you’re a customer of either of the aforementioned businesses, be sure to visit FireEye’s GitHub site to download the countermeasures to its breach.
Next, you can utilize various services to determine whether or not any accounts have actually been hacked.
If your office utilizes the same software company-wide, such as Microsoft Outlook or Office, take the proper steps to ensure those programs’ security.
Often, the first line of defense is a strong password for business-related accounts. There are a surprising amount of mistakes people make when trying to create a strong password. Any accounts containing sensitive material should require varied passwords containing at least 16 characters.
Check out this video on strong passwords:
Likewise, any sensitive accounts should enlist the added layer of protection accessed with the use of 2-factor authentication (2FA).
And the most proactive step any small business with sensitive information can take is to hire a team of experts to look out for them.
Hacked.com offers these services and more. Be sure to check out our plans listed below, or feel free to scan our site for a wide array of free advice.
Featured image by BalkansCat from Shutterstock.