A major cyber attack used the US firm SolarWinds’ Orion platform. The attack threatened US national security, through targeting numerous US government departments. Security officials in the UK are focusing on uncovering the extent of the impact on the UK of the hacking campaign. UK security officials are trying to establish the extent of the impact on the UK of a major hacking campaign that threatened national security in the US.
The complex cyber espionage operation was active for months before it was spotted. Compromising software from SolarWinds provided access that was used to steal data and could have allowed the cyber criminals to gain a large amount of control over the organisation’s networks.
Those behind the attack seemed to have targeted a specific set of organisations with the goal of stealing national security, defence and other information. However, there is no sign that obtaining a large amount of customer or citizen data was the goal of the operation.
The UK’s National Cyber Security Centre (NCSC) – is front and centre in responding to the cyber attack and working alongside government and industry in providing consultation and investigations as to what data might have been stolen.
“This is a complex, global cyber incident, and we are working with international partners to fully understand its scale and any UK impact” – NCSC Director of Operations Paul Chichester.
“The NCSC is working to mitigate any potential risk, and actionable guidance has been published to our website. We urge organisations to take immediate steps to protect their networks and will continue to update as we learn more.”
At least one UK customer had been informed by Microsoft that the company had been compromised in a linked attack. Experts are currently scouring networks looking for data being stolen, however a full assessment of the damage in both the US and the UK may take months.
“Based on what we currently know, this is very large-scale digital espionage of the type that’s been going on for many years” – Ciaran Martin, former head of the NCSC.
“This is an unusually sophisticated compromise. It reinforces the point that securing the supply chain is one of the hardest challenges around,”
SolarWinds has listed a number of UK public sector agencies among its clients. This included multiple NHS trusts, the Cabinet Office, The Ministry of Justice. HM Government Communications Centre and Royal Air Force, Defence Equipment and Support.
As a response to the concerns about the potential effects on the UK health service, a spokesperson for NHS Digital told the BBC: “SolarWinds’ widely used Orion platform has been the subject of a supply chain compromise by an unidentified source. We have issued a high severity alert to the NHS which explains the action to take to mitigate this threat and we urge organisations to read and follow these instructions promptly.”
True costs of a data breach
The direct costs associated with a data breach can be high. However, there are other intangible costs that occur due to a cyber attack that can make the expense of a data breach hard to contain. 19% of organisations said they spent between 2 – 10 times as much on investigation as the original amount lost in the attack. According to PCIPal 43% of UK consumers stop associating with businesses that suffer from data breaches and Security Magazine reported on a study that found 52% of consumers would consider paying for the same products or services from a provider with better security.
It is inevitable that eventually, your business will get hit with some form of attack. It is important to stay one step ahead of cybercriminals by implementing preventative measures that protect your business from cyber threats.
Like the SolarWinds data breach, compromising software is a common entry point for many hackers and businesses must have a vulnerability management solution in order to identify, classify, remediate, and mitigate software vulnerabilities.
Our marketplace offers security solutions that help organisations prevent, detect and recover from cyber attacks. Negative impacts on your business will likely translate into losses in your financial statements. Taking a proactive approach to securing your organisation will secure your business and profits.
Cyber attacks have increasingly high direct costs. However the intangible costs such as reputational damage can make the expense of a cyber attack difficult to contain.
Businesses from the United Kingdom must take a proactive approach to securing their business and ensure they have the essential cyber security solutions needed to keep their business running.