Cyber Attacks and the Interconnectivity of Systems
A recent hack of renown cyber security firm FireEye may be linked to a “supply chain attack” across multiple government agencies. This “highly sophisticated attack” may have occurred through software updates through a network management system operated by SolarWinds. According to SolarWinds’ website, they work with more than 300,000 customers including Fortune 500s, the Executive Officer of the President, Department of Defense, U.S. Census Bureau and many other government agencies. Reports also suggest that emails may have been monitored at the Department of the Treasury.
As details still emerge about the extent of this breach and the potential damage caused by this attack, one thing is certain, the interconnectivity of systems, increased storage of data on these systems, and growing sophistication of cyber threats creates a number of cyber security risks across all organizations. Cyber threats can pose harm in a number of ways — ransom, reputational harm, loss of intellectual property, data security — all of which can hinder an organization’s resiliency and business operations. Many government agencies, nonprofits, and private sector companies alike are experiencing growing threats and are recognizing how vulnerable their systems are. A recent National Infrastructure Advisory Council report found that privately operated critical infrastructure remains vulnerable and are falling short of security standards. This report suggested the need for a watchdog entity where private sector and public sector partners share threat intelligence, develop mitigation strategies in real-time, and facilitate collaboration against cyber threats.
Technology has opened the door to great efficiency, data insights, and capabilities. With those capabilities come emerging threats as organizations need to consider where they, and members of their supply chain may be vulnerable, develop continuity of operations plans to build resilience in the face of cyber attacks, and consider their risk tolerance, mitigation steps, and approaches to securing their systems.