The investigation into the SolarWinds breach keeps revealing more shocking ways attackers infiltrated organizations. Even if your organization doesn’t use SolarWinds, you must take action.
Official channels report that some software giants, including at least one major cloud hosting platform, are compromised. Your suppliers and vendors might be compromised, and that affects you too, even if your own systems are safe.
Some steps to take:
1. Remind all of your users that they will likely receive fraudulent email messages that look more realistic than ever. Never enter usernames, passwords, or sensitive data into any forms without checking with your IT pros first. Never transfer money based on email messages alone.
2. If you receive an email that appears fraudulent, then phone or text the sender to discuss the authenticity. If you email the sender to ask if they sent the first message, a bad actor who compromised their email system will reply to you and say that the original message is safe. Email is less trustworthy than ever, even when you start the conversation.
3. Contact your vendors, suppliers, customers, and anyone you rely upon to ask if they are following this emergency and actively looking for breaches. Ask if they check with their suppliers to require their vigilance too. Assess your risk of one of those entities failing. Have a business continuity plan in place.
4. Many organizations are temporarily disabling SolarWinds. Nobody is sure of the extent of infiltration.
5. Ask your IT pros to implement a two-step login process wherever possible. Reset passwords. Install critical security updates. Restrict account privileges as much as possible. Uninstall all non-essential software. Be hyper-vigilant about anything that appears to be an attack. Our audits and security reviews will help your IT teams secure your systems too.
Rest assured that software giants are working round-the-clock to fight the attackers. The problem is that the attackers had a head start, so they are one step ahead. And if an organization you rely upon is compromised, it might be too late to stop it. The infected organization will need to resolve the problems. They might not realize they are compromised.