The potential ramifications of the SolarWinds data security breach are enough for cyber executives to be awake at night, especially since many SMBs and the MSPs that serve them aren’t ready to deal with such a major event. Here are some ways you can help. Although the SolarWinds data breach was initially referred to as an “acts of war”, this is probably inaccurate. It should be classified as an act or intelligence gathering operation by an adversary. This means that there could be even more espionage or intelligence gathering operations in the future.
The potential ramifications of this are both immediate and long-term enough to keep cybersecurity executives awake at night, especially since many SMBs and the MSPs that support them are still not adequately prepared to respond from both a cybersecurity and business perspective. A panel of cybersecurity executives spoke out during a panel at CompTIA’s Communities & Councils Forum.
“The cost of mitigation for government and industry will not be small. Samuel Spector, director of U.S. government relations and public policy at BlackBerry, said that it may be time for the cyber ecosystem to be restored public confidence and its integrity. “But, for me, the nightmare scenario involves an adversary using the information in order to sabotage or manipulate, disrupt the data and physical infrastructure controlled either by the governmental or private sectors. This is something we didn’t see the first time.
MJ Shoer is CompTIA’s senior vice president and executive Director of the CompTIA ISAO. He agrees with Spector.
“SolarWinds does not represent a hack or a breach, as it is constantly reported. Shoer stated that this was an intelligence operation. “What worries me most is the interconnectedness of dots between different areas. This should be monitored. We don’t know what these connections could mean. It is a momentous time to talk about cybersecurity.
Cyber Risks are rising in cost. We need to pay more attention and take action
According to Jay Ryerse (ISAO EAC vice-president of cybersecurity initiatives at ConnectWise) and member of CompTIA ISAO’s Executive Advisory Council, there are 29 million small businesses in America. Many don’t know how to respond to a cyberattack.
“They don’t know what they don’t know.” This could backfire on them. They don’t have [great] visibility, and they don’t see what’s coming into their networks. Ryerse stated that small businesses don’t have large budgets so it is difficult to balance security with other costs.
A few years back, the average ransomware attack cost was $4,000. It was $178,000. “When it was $4,000, it wasn’t the end for a small business. Ryerse stated that it could be. “This is causing conflict with small businesses already being challenged by COVID.”
Customers are not the only ones who need assistance in protecting themselves against cyber threats. MSPs need help to protect clients, according to Tracy Holtz (Director of Security Solutions at Tech Data) and cochair of CompTIA’s Cybersecurity Advisory Council.
“How can we help our partners keep ahead of attacks?” Keep it simple. IT organizations lack basic skills that can lead to vulnerabilities. Holtz stated that IT organizations should also be looking at the right technology and services, education, as well as help from the partner community.
Holtz stated that sophisticated attacks such as the SolarWinds event won’t disappear. They will get more sophisticated and targeted. Businesses of all sizes must be more resilient and reduce their risk. This means more technology, education, collaboration with MSPs, and other solution providers.
“The stakes are increasing. Cybersecurity is a game that you are always betting on. She said that you should put your best defense forward to lower your risk.
Alex Rutkovitz Spigel is the COO of Choice Cybersecurity, and chair of CompTIA’s Cybersecurity Community. She said that she speaks to customers every day about cyber risks and lacks education.
“They don’t know where their personal identifiable data is.” When we ask, they reply that they don’t have sensitive information.
The MSP found that sensitive information was stored in several different areas by the customer. “There is a lot of communication breakdown internally. Finance doesn’t communicate with HR. They share the same sensitive data but they don’t use it the same way. They’re not on one page.” Rutkovitz Spigel stated. “We are only as strong as our weakest link. We protect those weaknesses wherever we can.”
Education and collaboration are key to better defense
According to Jacob Ingerslev (head of global cyber risk at The Hartford), ransomware attacks have been increasing in severity and frequency for three reasons.
