What Can We Learn From the SolarWinds Data Breach?

Jan 6, 2021

The cyber corruption of network management software provider SolarWinds has affected approximately 18,000 of their 300,000 customers, including companies and government organizations. Given the breadth of this cyber attack, many are asking, “How can we ensure the safety of our data in the future?” 

SolarWinds Data Breach featured

“In a statement, President-elect Joe Biden said he would “elevate cybersecurity as an imperative across the government” and “disrupt and deter our adversaries” from undertaking such major hacks.” (cnbc.com)

 

The cyber corruption of network management software provider SolarWinds has affected approximately 18,000 of their 300,000 customers, including companies and government organizations. Given the breadth of this cyber attack, many are asking, “How can we ensure the safety of our data in the future?”

 

Sadly, that question may be about as useful as asking, “How can we rid the world of bad guys?”

 

What Happened?

 

March – June 2020

 

According to SolarWinds, a vulnerability was injected into updates for their Orion products between March and June 2020. It appears that the vulnerability was placed in the build rather than in the source code or in the certificate, as is often the case. This is important to note, as it is one indicator of the sophistication of these hackers.

 

Eighteen thousand of the Orion users performed updates, unwittingly opening their data up to the breach.

 

December 2020

 

Orion user FireEye was the first to announce that a nation-state had hacked them.  Shortly after that, Reuters reported the data breach to the US Department of the Treasury, followed by a report from the Washington Post that linked the two data breaches as one.

 

“So far, the hackers are known to have at least monitored email or other data within the U.S. departments of Defense, State, Treasury, Homeland Security and Commerce.” (cnbc.com)

 

Can We Blame SolarWinds?

 

No, although they may be used as a scapegoat. SolarWinds appears to have been diligent in using standard cybersecurity practices and took many steps considered above the norm. This malware was particularly sophisticated.

 

The malware included no electronic footprints, meaning no ability to see which files had been viewed. No false data was implanted, a timed-release was set so that the breach did not activate until after scans of the files were complete (FireEye reported a 14-day period of dormancy), and it appears that each malware distributed was personalized for its victim.

 

“The operational teams appear to have used specific infrastructure for each victim, reducing the usefulness of network-based IOCs.” (SANS.com)

 

How Widespread is the Data Breach?

 

Reuters is reporting that SolarWinds was not the only software company affected. According to the news source: “Another major technology supplier was also compromised by the same attack team and used to get into high-value final targets, according to two people briefed on the matter.” (cnbc.com)

 

According to FireEye: “The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East. We anticipate there are additional victims in other countries and verticals. FireEye has notified all entities we are aware of being affected.”

 

“The Department of Homeland Security said in a bulletin on Thursday the spies had used other techniques besides corrupting updates of network management software by SolarWinds, which is used by hundreds of thousands of companies and government agencies.” (CNBC.com)

 

What’s The Takeaway?

 

The ongoing fear is that this initial malware will open up to secondary attacks and affect thousands more; however, this breach has brought the focus back to cybersecurity and its importance from the top down. President-elect Biden has promised to make cybersecurity a priority as best as possible.

 

If you are using the Orion software – or if you are unsure – we might be able to help. The Department of  Department of Homeland Security Cyber divisions released an Emergency Directive for all Orion users. Tech One IT has cybersecurity experts that can help identify data breaches and initiate the process of getting your organization back to safety.

Email Us: Contact@techoneit.com | Call Us: 480-449-3333

 

View Open Jobs Here: Careers | Learn About TAP: Technology Apprenticeship Program |

Email Us: Contact@techoneit.com | Call Us: 480-449-3333

Recent Articles

Tech One IT Hires Joseph P. Vasile as Director of Customer Success and Texas Operations Tech One IT Hires Joseph P. Vasile as Director of Customer Success and Texas Operations Tech One IT, a leader in technology staffing, IT solutions, and technology apprenticeship services, announced today that Joseph P. Vasile will be joining the team as Director of Customer Success and Texas Operations.
April 14, 2021
Tech One IT Hires Joseph P. Vasile READ MORE
How to Work Around a Slow Internet Connection How to Work Around a Slow Internet Connection When remote-working, few problems are as annoying as having a slow internet connection. Here's how to work around a bad internet connection:
April 1, 2021
How to Work Around a Slow Internet Connection READ MORE
Famous Apprentices You Never Knew Famous Apprentices You Never Knew Have you ever wondered how it works out for apprentices? Well here are a few famous apprentices you never knew completed an apprenticeship
March 23, 2021
Model of Leonardo Da Vinci's flying machine READ MORE
Hiring Gen Z: What We Should Know Hiring Gen Z: What We Should Know Understanding the world in which Gen Z was raised while not making presumptions can help in hiring and retaining the best talent available.
March 10, 2021
TechOne- GenZ - 0321 - 2021 (2) READ MORE
The Biden Administration And Technology Apprenticeships The Biden Administration And Technology Apprenticeships Now, that we have the Biden Administration leading the country, what can we expect for apprenticeships, and more specifically, for technology apprenticeships? Let’s consider…
March 1, 2021
Apprenticeship READ MORE

 

According to the National Association of Colleges and Employers:

 

Nearly 91 percent of employers responding to NACE’s Job Outlook 2017 survey prefer that their candidates have work experience. (www.naceweb.org) 

 

An apprenticeship could be the best way to get your foot in the door with a good company and gather the necessary experience while also getting paid. But many apprenticeships are simply set up by companies without experience to run such a program. Apprentices may come out with experience to write on their resume, but many leave feeling duped and discouraged. 

 

How can you tell if the apprenticeship program you are considering is valid and worthwhile? 

You will be working with other apprentices.

If you are the only person being hired for the project, it isn’t an apprenticeship program. There may be times when you are working apart from other apprentices, and you could be tested with tasks of your own, but the entire program will have more than one apprentice. 

 

The benefit of working with other apprentices is that you can collaborate and learn from one another. At Tech One IT, we strive to build a friendly environment for our apprentices so that, even when working alone, they can lean on one another for support. This is an easier transition into the workforce from college and has proven much more beneficial to our apprentices than their peers that were hired directly. 

 

You will work with a mentor, or at least in a group managed by an experienced employee. 

 

An apprenticeship is a full-time job working within a team. The difference between an apprenticeship and a full-time job is the purpose. An apprentice’s purpose is to learn from mentors and peers (i.e., other apprentices). They will complete their apprenticeship with an understanding of workplace culture, knowledge of different processes, and organizational skills that are never taught but just expected of a direct hire. 

 

At no point should you be taking the place of an experienced full-time employee. If you don’t feel like you are getting the full benefits of your apprenticeship, contact us: Contact@TechOneIT.com.

 

There is an end date.

 

An apprenticeship is a long-term project. It has an end date and comes with no guarantee of a full-time job upon completion. 

 

Why take an apprenticeship without the guarantee of a job? 

You never have a guarantee of a job, regardless of how you are hired!

 

The Tech One IT apprentices work for some of the nation’s most exciting companies, sometimes Fortune 100 companies and sometimes small start-ups. Imagine coming straight out of college and working on an IT project for a Fortune 100 company. That’s not an opportunity given to many. 

You won’t be asked to do tasks outside of your scope.

 

Most direct hires that land a job straight out of college find themselves completing tasks that are outside their field. When I graduated with a Master’s in Communication, I was hired by a Fortune 100 company to write their training manuals. I actually spent much of my time packing boxes full of those training manuals and booking hotels for sales managers attending training seminars. 

 

At Tech One IT, we work closely with our clients to set up apprenticeship programs that benefit our apprentices and use their skills. Sure, there will be an element of work that falls outside of your training in every job, like reporting, but you will not find yourself packing boxes! 

 

The program is certified.

 

Tech ONe IT is a certified apprenticeship program. We have a Registered Apprenticeship Program validated by the Department of Labor and the State of Arizona. 

 

By earning these certifications, we can work with the nation’s fastest-growing companies and set up new programs all across the country. 

Apprenticeship programs are usually partnered with Universities, Colleges, and Trade Schools.

 

Apprenticeship programs benefit students and employers, so it only makes sense that a valid apprenticeship program would partner with local schools to reach the students. Tech One IT has outstanding relationships with Arizona State University, as well as several local colleges. 

 

Read More: 

The Power of Partnerships: How Tech One IT & Trilogy Are Equipping Arizona’s Tech Boom

Tech One IT Announces Scholarship Program at DevMountain

 

Offices
Phoenix
New York
Dallas
Hyderabad