Many organizations were not affected by the SolarWinds breach, however it highlighted some important questions that we should all consider.
- Does your organization have cloud services or 3rd party access that may not be adequately secured? (It was reported that the initial access to the SolarWinds tools was through GitHub, a service used by most software developers).
- Have you tested the security INSIDE your network? (Hackers were able to pivot from the initial access point. What could a hacker get to if they get past your perimeter controls?)
- What steps have you taken to review security and/or compliance if COVID resulted in an increase in remote workers?
- Who watches over your network 24/7 to detect cyber threats? (An estimated 65% of threats go undetected, are you catching them?)
- What resources do you have in place for breach response should the worst happen? (Not having this set up proactively can result in a delayed response that keeps systems offline and results in a more significant financial impact)
- Does your insurance policy have language that could allow them to invalidate your claim? (Yes, this is happening as insurers are facing higher than expected claims. We can share some common examples).
Let’s discuss how our expanded cybersecurity and compliance services can help address these concerns to minimize the risk to your business.