SolarWinds Hack Sows Fear
The attack on many major businesses and federal agencies via SolarWinds software was first made public in December 2020, and the reverberations are still being felt. In one of the largest security breaches of its kind, SolarWinds’ Orion software, a software used by businesses and government agencies to monitor their computer networks, was hacked. This software served as a critical component of these organizations’ networks and allowed wide access throughout their computer systems.
In an NPR article, SolarWinds reports that nearly 18,000 of its customers used the infected software. Some of the affected entities included the Pentagon, the Department of Homeland Security, and the U.S. Department of Treasury. It is reported that this attack was carried out by the Russian government and went on for months before it was discovered. The extent of the breach and the amount of data stolen are still not fully known.
If large Fortune 500 businesses and key agencies in the federal government are vulnerable, what can small to mid-size businesses do to protect themselves?
First, they can implement and regularly update all the best IT security measures available. Best practices include using multi-factor authentication for remote access, regularly patching any software in use, using secure passwords, and conducting regular employee training on IT security issues.
Multi-factor authentication for remote access, especially in an era where many are working remotely, is a leading measure to prevent the compromise of IT systems. Patching software regularly prevents hackers from exploiting widely known flaws in software code. Secure password use includes regularly updating passwords and using complex passwords, which prevent brute force attempts at gaining access to computer systems. Lastly, employees trained on IT security issues are much more adept at spotting and flagging bogus emails before any harm is done to the computer network.
With that said, efforts at prevention can still fail. As we see with SolarWinds, even the best security measures can be circumvented by highly sophisticated cyberattacks. When risk management fails, having the right insurance policy in place is crucial.
A proper cyber policy will provide the following:
- Sufficient coverage to notify customers of a data breach
- An expert team of attorneys and computer forensic experts to help a company navigate legal and technical challenges
- Coverage for things like business interruption and damaged computer hardware resulting from the cyberattack
At Devon Park, we offer up to $5 million in limits for expenses arising from a security breach, including the attendant business interruption and damage to computer hardware, on our Errors and Omissions, Media and Privacy (EMP) product. Contact your Devon Park Specialty underwriter today for more information or a quote.
As always, thank you for your support and business.
Contact and written by Erik Tifft
Second Vice President, Underwriter | 844-438-6775, ext. 2354