SolarWinds – What Happened With Recent Hacks of Federal Agency Computer Systems?

Chortek provides managed IT services to hundreds of business computer users. Our goal is to serve as an outsourced IT department and advisor to our clients. This week’s story surrounding multiple cybersecurity breaches relating to SolarWinds serves as a harsh reminder: businesses need a trusted IT support firm that understands cybersecurity risk. The company you work with should be constantly vetting the tools it uses to deliver service. Here’s what we know about what happened, and what we’re doing to keep clients safe.

Who is SolarWinds, and what happened?

SolarWinds is an Austin, Texas-based firm. They make IT management software in the market category of “remote monitoring and management,” or RMM, software. Competitors in the same market include Datto RMM (Chortek’s current RMM tool), Kaseya VSA, SpiceWorks and others. SolarWinds’ primary RMM product is SolarWinds N-Central. It appears that the Orion Update tool within their product offering was compromised. Their software developers were using a very weak password to protect the storage location where their software is kept and from which updates are delivered to customers. Hackers apparently added their own malicious code to the tool. They then used the code to infiltrate customer networks, including private businesses, multiple federal agencies, and even Microsoft.

How does what happened at SolarWinds affect my business?

It’s normal to feel concerned and worry about your own cybersecurity when you hear news like this. If you are a customer of Chortek’s managed IT services, you are not directly affected. Chortek does not use SolarWinds software. Microsoft has stated publicly that they have detected and removed the compromised SolarWinds software from their networks. However, Microsoft has not yet disclosed any details about their customers being affected by this incident. Chortek will certainly respond as soon as any additional information is available indicating known risk to our clients.

Could something like this affect my business via Chortek’s RMM?

All software is susceptible to being modified without permission so that it can be used for malicious purposes. Ransomware, viruses, and malware in general are examples of software used for unauthorized activity on private computers and networks. Datto RMM has not, to date, fallen victim to the type of hack that is currently affecting SolarWinds. Chortek continually monitors the market for trends in feature improvements, efficiency gains and security enhancements among all the software tools we use to support our clients. We promise to be vigilant and responsive should any of our vendors (Datto, ESET, Microsoft, Sage, Acumatica, etc.) fall victim to hacking.

I am concerned about cybersecurity at my business. What can I do?

Michael Senkbeil is the managed IT practice lead for Chortek, and his favorite subject is cybersecurity. He maintains (ISC)²’s Certified Information Systems Security Professional credential and would be happy to have a no-cost, no-obligation conversation about your concerns. Feel free to book a time to talk!

Book Time With Michael

Cybersecurity is a business process. As such, there are many tools and processes that can reduce cyber risk. Chortek uses, recommends, and implements several enhancements to traditional cybersecurity tools, such as:
  • Multifactor Authentication: Using a token or mobile phone app to better secure the login process on business computers.
  • Corporate Password Vault: Keeping passwords in encrypted cloud vaults is safer than keeping them in Excel files or paper lists. It also allows segmentation of which people can see which lists of passwords used in the organization.
  • Next-Generation Firewalls: Firewalls have gained a whole new level of power in recent years, resulting in improved protections.
  • Endpoint Detection and Response: This category of cybersecurity software is the next level up from traditional antivirus/antimalware software.
  • Disaster Recovery Protection: Frequent data backups and the ability to “fail over” to cloud-based backup servers are the enhancement over traditional backup solutions, which are not sufficient to protect from modern cybersecurity threats. Don’t forget that businesses using cloud services need to protect that data using backup solutions as well.

Want to talk more about your potential cybersecurity risks and priorities? Schedule a talk with Michael today.
