You may have heard it said on Wall Street: data is the new oil. If you look at the companies behind the stock market’s recent record highs, the ones with the highest valuations, they all have one thing in common – data-driven revenues.
Which is why, by all reports, the suspected Russian hack of Orion, the flagship network monitoring platform of the omnipresent SolarWinds, may be the most expensive hack in history. The hack was meant not to violently disrupt, but to quietly steal – a fortune in data. Protected government data, sensitive private data, financial data, and corporate data from 18,000 companies, financial institutions, and government agencies was laid bare for a period of over 6 months. The damage and cost have yet to be determined, if they ever will be.
Much has been written about the importance of security and hardening the systems against hacks and attacks, and how costly the stealing of data and disruption of business can be. But organizations that moved to just “comply” with the bare minimum HIPAA, SOC, and PCI guidelines had no defense against this sophisticated attack that used the very tools of secure network monitoring to perpetrate a hack and heist of an untold mountain of valuable data.
Interestingly, it was FireEye, itself a cybersecurity firm, that first discovered it had been hacked, and not through debugging code. As security experts, they intuitively understood that software tools alone can’t catch everything. Rather, secure processes implemented and managed by trained people, in sync with secure tools, are what keep your data and systems secure. It was a “login from new device” alert that tipped off the security experts at FireEye that something wasn’t right, and an investigation ensued. Once it was discovered that code in an update to the SolarWinds network monitoring platform had been hacked, they immediately knew the hack wasn’t just on them: everyone, everywhere, had been compromised.
And that’s not an exaggeration. On an earnings call back in October, SolarWinds CEO Kevin Thompson bragged about the company’s reach. “We don’t think anyone else in the market is really even close in terms of the breadth of coverage we have,” he said. “We manage everyone’s network gear.”
So the lesson from 2020, and the resolution for 2021, is to not just lean on the bare minimum of compliance, which a company does to keep itself out of legal entanglements, but fully embrace security: tools, processes, and people, as a means to protect the most valuable thing your company owns, your data.
For a free consultation to discover whether your organization is truly compliant, and most importantly, secure, using people, processes, and tools, get in touch with us today.