The Department of Justice now confirms that thousands of email accounts were breached in the recent SolarWinds hack, which raises the question: Are we more vulnerable, or is cybersecurity now just discussed more?
Think of computer systems like your house, said Donald McLaughlin with CP Cyber, a Denver-based cybersecurity firm.
“The more doors and windows you add to a home, the more entry points,” McLaughlin said.
He says our population is catching up with technology, which is both incredible and not.
“With the compliance laws and the mandate to actually report that breaches happen, I think we see more of it,” McLaughlin said. “But as technology grows and more of it is used, yeah, we become more vulnerable.”
Technology has become so advanced that the trend is to use the cloud to store or manage systems or files. Cloud services include products like Dropbox or Microsoft OneDrive. Those are simple products used by consumers, but if you're setting up a business or large management system, it takes so much expertise that it's often easier to pay a third party. That's not easy on a budget, as consultants are pricey.
“Don’t subscribe to 15 different technologies and not know how to configure them,” McLaughlin said. “Keep it simple and as little technology out as possible to run your company or do what you need to do at home, because the more exposure points, the more at risk you are.”
He says to go back to the basics: be as simple as possible, vet your vendors, and ask security questions about breaches and data housing. As for the SolarWinds hack, the damage is done. The IT company posted a security update on its homepage.
“It appears that the motive was to get ahold of emails, so they essentially hijacked emails from different organizations and obtained access to emails and, as we know, those emails contain a myriad of sensitive information,” McLaughlin said.
These kinds of attacks, McLaughlin said, happen all the time.
“Truly the attackers are getting the biggest bang for their buck when they attack these supply chains,” McLaughlin said. “For example, if Microsoft got hacked and their update had an embedded virus in it, that’s everyone.”
So, how do you keep up? This is so far beyond changing your password.
“Changing your password or using a secure password protects you, your account, your data, but the real issue comes in where you’re giving your data to a third-party vendor and they’re not doing what they’re supposed to do,” McLaughlin said.
He said the attackers have no boundaries and no fear, so be wary of who you trust with your computing system. Your systems can be compliant but not secure. It's like a game of cat and mouse, and lately, we've got a lot more in common with the mouse than the cat.