A recent hack of renowned cyber security firm FireEye may be linked to a “supply chain attack” across multiple government agencies. This “highly sophisticated attack” may have occurred through software updates delivered through a network management system operated by SolarWinds. According to SolarWinds’ website, they work with more than 300,000 customers, including Fortune 500s, the Executive Office of the President, Department of Defense, U.S. Census Bureau and many other government agencies. Reports also suggest that emails may have been monitored at the Department of the Treasury.
As details still emerge about the extent of this breach and the potential damage caused by this attack, one thing is certain: the interconnectivity of systems, increased storage of data on these systems, and growing sophistication of cyber threats create a number of cyber security risks across all organizations. Cyber threats can pose harm in a number of ways – ransom, reputational harm, loss of intellectual property, data security – all of which can hinder an organization’s resiliency and business operations. Government agencies, nonprofits, and private sector companies alike are experiencing growing threats and are recognizing how vulnerable their systems are. A recent National Infrastructure Advisory Council report found that privately operated critical infrastructure remains vulnerable and is falling short of security standards. This report suggested the need for a watchdog entity where private sector and public sector partners share threat intelligence, develop mitigation strategies in real-time, and facilitate collaboration against cyber threats.
Technology has opened the door to great efficiency, data insights, and capabilities. With those capabilities come emerging threats, and organizations need to consider where they, and members of their supply chain, may be vulnerable; develop continuity of operations plans to build resilience in the face of cyber attacks; and consider their risk tolerance, mitigation steps, and approaches to securing their systems.
About the Author
Evan has over twelve years of experience consulting and working in the government and nonprofit sectors. He started his nonprofit career as a member of Teach For America (TFA), where he served as a teacher, volunteer, and in operational support and training roles for the organization. He has supported BDO Public Sector in the launch of their management consulting practice and has provided strategy and operations, human capital, and information technology support to government and nonprofit clients. At BDO Public Sector, Evan led efforts building internal practice recruiting processes, including interview questions, cases, and candidate evaluation criteria, and developed their Graduate Advisor internship program.