(Source: Pixabay)
Major security events focus the attention of consumers, the media, and business leaders on cybersecurity and cyber resilience. The recent breach of Solar Winds, what Microsoft President Brad Smith called “the largest and most sophisticated attack the world has ever seen,” is the perfect example. In the aftermath of Solar Winds, security professionals across the world are being summoned to answer questions from the C-suite and the board. Questions like, “what do we do now?”
The answer to that question will differ for almost every organization, but whatever internal corrective actions are taken – like patching, scanning for indicators of compromise, etc. – organizations should consider bringing in external experts to supporter-examine their defenses.
Microsoft and LinkedIn Expand Global Skills Initiative -- Campus Technology campustechnology.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from campustechnology.com Daily Mail and Mail on Sunday newspapers.
Article content
Two days before Superbowl LV in Tampa in early February, someone hacked into a water treatment plant in nearby Pinellas County and tried to poison Florida’s water supply. The unknown attacker used a password to break into the remote access software platform that controls the plant and adjusted the level of sodium hydroxide to more than 100 times normal levels – an act that would have had catastrophic consequences had a sharp-eyed operator not spotted the move and re-adjusted the chemical levels.
American investigators were contacted by Israel’s National Cyber Directorate, which has experience with water facility attacks, after a similar incident in 2020 that the NCD’s director said was “a changing point in the history of cyber warfare.” He noted that the attack against Israel was not accompanied by a ransom demand, suggesting it was not the work of cyber-criminals.
John Ivison: Forget the Cold War, this cyber conflict is hot edmontonjournal.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from edmontonjournal.com Daily Mail and Mail on Sunday newspapers.
Details of the 2020 SolarWinds attack continue to unfold, and it may be years before the final damages can be tallied.
While it is “hard to say” if the SolarWinds software supply-chain compromise will become known as the highest-impact cyber intrusion ever, it did catch “many people off guard” despite the security industry’s frequent warnings that supply chains pose substantial risks, according to Eric Parizo, principal analyst of security operations at Omdia, a global research firm.
The SolarWinds attack is unprecedented because of its capability to cause significant physical consequences, says University of Richmond management professor Shital Thekdi, an expert on risk management and industrial and operations engineering. The attack impacted critical infrastructure providers, potentially impacting energy and manufacturing capacities,” she said, and created an ongoing intrusion that “should be treated as a serious event with potential for great harm.”