About the SolarWinds cyber attack
Kyle Lai
President and CISO
KLC Consulting, Inc.
CISSP, CSSLP, CISA, CDPSE, CIPP/US, CIPP/G, ISO 27001 Lead Auditor
The SolarWinds cyber attack affects cybersecurity within government agencies like:
- DHS,
- State Department,
- DoJ,
- DoD,
- and Defense Contractors
Experts estimate 18,000 customers are affected.
The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 21-01 to the entire Federal Government. All civilian agencies are called to review their networks for indicators of compromise and immediately disconnect or power down SolarWinds Orion products.
The SolarWinds Orion hack is an attack that targets our supply chain. The software has affected hundreds of thousands of organizations, including defense contractors like Lockheed Martin, and 400 of the Fortune 500 companies.
See how clever the “bad guys” are at selecting their targets? They seek “hit one, get many free!” scenarios.
What are the effects of the Solarwinds cyber attack?
We don’t know the cumulative effect of the SolarWinds cyber attack. Several months have elapsed, and it persists.
We witnessed and learned from the devastation caused by NotPetya malware in 2017. This attacker targeted the supply chain through an update of popular tax management software. Victims downloaded the tax management software update trusting it came from a valid source. It cost some of the most significant companies billions of dollars to recover from NotPetya.
A supply chain cyber attack can be devastatingly effective. It can have a substantial negative impact on the entire supply chain. Organizations must perform sufficient due diligence to ensure their third-party suppliers have good cybersecurity hygiene.
What can you do to prevent an attack within your organization?
These types of attacks have led the U.S. DoD to develop the new and progressive Cybersecurity Maturity Model Certification (CMMC). CMMC reduces supply chain cybersecurity risk.
We’re KLC Consulting. Our company helps DoD contractors meet CMMC and NIST 800-171 requirements through agile solutions that achieve compliance, gain trust, and win contracts. Let’s talk about getting you compliant.
Check out our YouTube channel and LinkedIn pages for the latest information and education resources for Cybersecurity Maturity Model Certification.