December 29, 2020 by Tim
OK, so we all know what the top story of 2020 was, but for the IT community, 2020 will be remembered for a different reason: cybersecurity got really serious.
Last month, I wrote a blog post called “2020: A Cyber Pandemic?”, which detailed a few of the year’s major cybersecurity stories. I finished that article with a nice thought: "…the year isn’t over yet! Hopefully, the worst is behind us, but we can’t be too careful."
It turned out that I spoke way too soon. A few days after writing that blog post, cybersecurity firm FireEye announced that the collection of hacking tools they’d developed internally had been stolen by a foreign actor, giving cyber-criminals a new set of toys to test out on networks around the world. Right then, I knew my hopes for a quiet end to the cybersecurity year had been dashed.
But that wasn’t all. In mid-December, quite possibly the most significant cyberattack ever was discovered. Hackers believed to be tied to the Russian government infiltrated the IT company SolarWinds and used the company’s own software as a launching pad to attack SolarWinds customers, including many government agencies and private companies.
The scope of the SolarWinds hack is astonishing. Thousands of government agencies and companies had the hackers lurking in their networks for months, including:
Source: Business Insider
It was later announced that the breach at FireEye may have also been related to the SolarWinds attack.
The fallout from the SolarWinds hack is immense. In many cases, the attackers gained complete access to the victims’ networks, leaving organizations with no choice but to completely rebuild all their IT systems from scratch. The incident has also shaken confidence in IT software vendors. We’ll probably never see trust in vendors return to its pre-SolarWinds level.
Even before the SolarWinds hack, experts (and me, though I’m far from an expert) were predicting that 2020 would be the worst year ever for cybersecurity. That prediction seems to have come true.
There may be a silver lining: I think we’re finally going to see the world taking cybersecurity seriously. It’s true that many companies have improved their security in recent years, and cybersecurity as an industry has been growing rapidly for a while. But somehow, this moment feels different. After SolarWinds, we’ve now seen just how bad things can get. The security movement that’s been bubbling under the surface is now boiling over.
In some ways, the past decade (2010-2020) was for cybersecurity what the 1990s were for the Internet and computing in general. In the year 2000, Internet access reached 50% of US households for the first time. If you weren’t online by 2001, you were starting to fall behind the times.
Today, cybersecurity is the new computing essential. In 2021, if your organization isn’t taking cybersecurity seriously, you’re in the same position as someone who didn’t use the Internet in 2001: dangerously disadvantaged, and falling further behind every day.
So, where to get started with security? For small businesses, start with the basics to make sure your company isn’t an easy target. There’s no sense in investing in high-tech security tools if your password is ‘MyCompany123’. Make sure your staff members receive basic cybersecurity training, since more than 99% of cyberattacks start with a click from a user. And above all, start to build a culture of vigilance that recognizes cyber-attacks as a real and dangerous threat. Businesses that fail to heed this warning will no doubt suffer attacks and begin to fall behind their competitors. Don’t let this be you. Act now!
Green Mountain IT Solutions offers a free, no-strings-attached computer and network consultation for Vermont businesses, including a security assessment. Contact us today to schedule your free consultation.