SolarWinds hack one year later, cybersecurity experts say we’re no better off
US authorities have said hacking group connected to Russia was behind attack
It’s been one year since the U.S. government publicly acknowledged that SolarWinds, a widely used software in the public and private sector, had been hacked, compromising the data of thousands of users across the globe.
It was one of the worst data breaches in history. Now, one year later, what are businesses and the U.S. government doing to prevent a similar situation from happening again? When asked that question, cybersecurity experts who spoke with FOX Business were all unanimous in their answer: not a lot.
"Nothing’s changed. Nothing’s different. We’re still really vulnerable," said Bruce Schneier, a technologist and lecturer at Harvard’s Kennedy School.
Schneier laid much of the blame for inaction on the dysfunction in Washington and its failure to regulate cybersecurity – something, he believes, plays into the hands of U.S. adversaries.
"SolarWinds was this random infrastructure company that nobody even knew they had. And the Russians figured out, this thing is critical. We hack that, we get everybody."
IDENTITY THEFT: THESE STATES ARE MOST VULNERABLE, REPORT SAYS
U.S. authorities have said a hacking group connected to the Russian Foreign Intelligence Service, SVR, was behind the attack. Russia has denied any involvement.
The hack affected at least nine federal agencies along with dozens of private-sector companies. Since then, other hacks have further highlighted vulnerabilities in the U.S. public and private sectors.
"The fallout continues from SolarWinds. I think people were really taken aback by how many organizations could be in harm’s way based on the compromise of a platform that they were all using," said Adam Levin, co-founder of credit.com and host of the podcast show "What the Hack with Adam Levin."
APPLE NOTIFIED STATE DEPARTMENT EMPLOYEES OF PHONE HACKING LINKED TO NSO GROUP SOFTWARE
Levin said cyber attacks will always be a reality as long as criminals look for ways to make a quick buck. He said more people need to realize that they are just as prone to having their data breached as are large corporations and governments.
"We have so many people, whether their consumers or businesses that go, ‘why would anyone care about me? I’m just a regular human being.' Or a business says, ‘I’m very small. I’m in a particular niche. Why would anyone want to hack me?’" Levin said. "Don’t think it’s only about you. Realize the fact that you’re in a dangerous neighborhood every time you go online and that we are going to be constantly under attack."
Jayson E. Street, vice president of InfoSec at SphereNY and author of "Dissecting the Hack," said companies need to be more vigilant going forward about protecting their data from future attacks.
"So many companies are so focused on … looking for the attacks to come outside and trying to protect their network from external threats, and they’re not doing enough to start looking inward and start educating their employees and their IT staff on signs to look for with data going out of the company," Street told FOX Business.
Street stressed that a cultural shift is needed for people to be more aware of the ever-present danger of cyber-attacks.
CLICK HERE TO GET FOX BUSINESS ON THE GO
"Just because you think it can’t happen to you or that you’re not a big enough target understand that you’re not being targeted because of who you are," Street said. "On the Internet, you’re just a number, you’re just an IP address that an attacker is scanning. You are nameless to them. You’re just a target and a means to money."