The US was recently hit by a massive digital attack that compromised both government and private sector networks nationwide and around the world. Though cyber attacks have become all too common, this one is different. It’s a pivotal moment and will serve as the “Pearl Harbor moment” for cybersecurity in the US.
In March, malicious attackers lodged a “supply chain attack” to infiltrate SolarWinds, a software provider with a massive customer base and automatic permission to access secure networks without raising alarm. The malicious code embedded in a software update created a potential back door in SolarWinds’ tens of thousands of customers. Though it has been patched, the malicious actors had ample time to create additional entry points into the networks they deemed important or useful and cover their tracks.
This attack must serve as a wakeup call for government leaders. Today, ‘business-as-usual’ is simply unacceptable. Yet, the challenge in securing critical systems has been identifying and deploying a solution that is both highly secure and still allows users to operate systems, access networks and retrieve critical data. Accommodating those requirements became even more challenging during the COVID-19 pandemic when stay at home orders meant more government employees were working remotely than ever before. Enabling workers to perform their jobs remotely and access secure servers via potentially dangerous endpoints such as personal computers and unprotected WiFi networks has created additional potential security gaps and vulnerabilities.
So, what can we do now?
We believe the answer is network segmentation.
Many government agencies, particularly for the most sensitive data where peoples lives depend on secrecy, use cloaking and isolation of core critical assets. The scale of this recent event makes it abundantly clear that this level of security must be expanded and adopted by all critical departments and agencies.
Government organizations, contractors and the private sector must each take immediate action to put real network segmentation and defense-in-depth strategies in place. Though it’s impossible to claim that any solution is 100% secure, we believe segmentation, cloaking, and defense in-depth infrastructure should be the table-stakes for critical security.
Blue Ridge has been protecting our customers with “protection vs. detection” strategies for more than 20 years. Our LinkGuard solution seamlessly conceals networks, reduces the attack surface, and prevents malicious actors from accessing your critical information – while still extending communications and connectivity to trusted devices. By segmenting networks and upholding automatic, robust security policies, the lightweight solution has proven effective in neutralizing threats, such as Meltdown and Spectre, before they cause irreparable damage. This level of enhanced security becomes even more feasible for rapid implementation on a budget because of its low cost set-up. LinkGuard doesn’t require augmentation of an existing system structure or endless software updates.
We strongly encourage leaders in both government and private sector to raise the standard for cybersecurity, and recognize this digital Pearl Harbor as a very possible, even likely, repeatable offence. If you have any questions about the status of the ongoing situation, or how LinkGuard can bolster the security in your organization, contact our team.