Stu Sjouwerman is the founder and CEO of KnowBe4 Inc., the world's largest security awareness training and simulated phishing platform.
The successful breach of several U.S. agencies and corporations first came to light last December, but it was the result of an organized hacking campaign that ran for several months. SolarWinds makes software designed to help organizations manage their networks, and it supplies that software to U.S. government agencies and Fortune 500 corporations. Attackers were able to insert malware into SolarWinds' Orion platform, and that malware was then pushed out through a routine update to 18,000 customers.
Victims of the Sunburst (or Solorigate) malware include Microsoft, Cisco, Intel, Nvidia and many other technology companies, as well as the Department of Homeland Security, the U.S. Treasury Department, the National Nuclear Security Administration, the Department of Energy and more.
But the victims of the attack extend well beyond SolarWinds and its customers. According to the Wall Street Journal, "approximately 30% of victims had no connection to the network-management company's infected software."
The consequences of one of the largest attacks ever perpetrated are expected to keep unfolding (Microsoft President Brad Smith told ZDNet that he estimates more than 1,000 engineers worked on the attack).
We still have many unanswered questions, but there are already some lessons here for organizations and security professionals.
Breaches are inevitable, so plan for them.
If attackers are determined enough, they can almost always find a way in. Security has to be balanced against convenience, so the reality is that breaches will happen. By accepting this, you can plan ahead to make sure you can handle security incidents when they occur. Clear plans and policies allow immediate mitigation, so you can minimize downtime and return to normal operations as quickly as possible.
Trusting third parties can be dangerous.
"Always install software updates" is a mantra repeated throughout InfoSec, and it makes sense to ensure you are running the latest versions and protections. Unfortunately, when attackers manage to compromise a trusted third party, that same advice works against you. In this case they were able to inject malware into a digitally signed software update. Even if customers had not implicitly trusted the update and installed it automatically, they would have had no way to tell that something was wrong, because the signature was valid.
Security must be built in from the beginning.
The hackers most likely had access to the company's build processes or continuous integration pipelines, which let them insert the malware before the code was packaged and signed for distribution. A system like this that ships code should have security controls built in from the start, and the use of software signing keys should be monitored at all times. It can be difficult to retrofit software platforms or development pipelines with proper security controls, so it is very important to consult with security professionals during the initial design phase.
We miss things when we're distracted.
People let their guard down when they are distracted. This explains the increase in phishing attacks since the onset of the pandemic, as people struggle to balance work and personal life while working from home. This hack managed to evade countless security agencies and tools, partly thanks to the double distraction of pandemic stress and the presidential transition. If attackers are patient and pick the right moment to strike, they are much more likely to go unnoticed.
Adopt a zero-trust policy.
The concept of a zero-trust approach, in which organizations allow-list legitimate traffic instead of focusing on blocking known-bad traffic types, is gaining ground. With a zero-trust policy, every connection between a user and a host must be authenticated before it is allowed to proceed. Blocking by default gives you a much better chance of preventing data leakage, but it requires careful configuration and planning.
Vigilance is priceless.
It wasn't the National Security Agency, or even Microsoft, that discovered the hack; it was FireEye. It is telling that a cybersecurity company with strong defenses was the one to spot it, but in the end it comes down to vigilance. FireEye, like many technology companies, uses two-factor authentication, which means employees must receive a code on their phone to connect remotely to the company's VPN.
FireEye's security team noticed that one employee had two phones registered in his name and took the time to call and ask whether he had registered a new phone. He had not, and that triggered the investigation that led to the discovery of the breach. This illustrates how vital it can be for people to investigate and follow up on small discrepancies.
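The discrepancy described above is easy to surface automatically. The following is an added example (not FireEye's tooling) that reads a constructed authenticator audit log, keeps track of which second-factor devices each user has, and raises an alert whenever a user enrolls a device while already holding one, noting whether the enrollment came from a source address that user has never been seen from. The log format and all sample lines are constructed for the example; the alert is meant to land with a human who makes the phone call.

```python
"""Flag second-device MFA enrollments for human follow-up.

Added example, not FireEye's or any vendor's code. Assumes a constructed,
line-oriented authenticator audit log with the fields
    <ISO timestamp> <ENROLL|AUTH> user=<name> device=<id> src=<ip> [result=...]
ENROLL means a new second-factor device was registered to the user.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample log: alice's second phone appears from an address she never used.
SAMPLE_LOG = """\
2020-11-02T08:15:01Z ENROLL user=alice device=phone-1a3f src=10.1.4.22
2020-11-02T08:16:10Z AUTH user=alice device=phone-1a3f src=10.1.4.22 result=ok
2020-11-03T09:01:44Z ENROLL user=bob device=phone-77c0 src=10.1.4.31
this line is malformed and must be skipped
2020-11-20T23:42:07Z ENROLL user=alice device=phone-9e0b src=203.0.113.45
2020-11-20T23:43:19Z AUTH user=alice device=phone-9e0b src=203.0.113.45 result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>ENROLL|AUTH)\s+user=(?P<user>\S+)\s+"
    r"device=(?P<device>\S+)\s+src=(?P<src>\S+)"
)


@dataclass
class UserState:
    devices: dict[str, str] = field(default_factory=dict)  # device id -> first-seen timestamp
    sources: set[str] = field(default_factory=set)         # source addresses seen for this user


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    new_device: str
    existing_devices: tuple[str, ...]
    src: str
    new_source: bool  # enrollment came from an address never seen for this user


def parse_line(line: str) -> dict[str, str] | None:
    """Parse one audit line; None for lines that do not match the expected format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def detect_extra_devices(log_text: str) -> list[Alert]:
    """Return one Alert per ENROLL that happens while the user already holds a device."""
    state: dict[str, UserState] = {}
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        st = state.setdefault(rec["user"], UserState())
        if rec["event"] == "ENROLL":
            if st.devices and rec["device"] not in st.devices:
                alerts.append(Alert(
                    ts=rec["ts"],
                    user=rec["user"],
                    new_device=rec["device"],
                    existing_devices=tuple(st.devices),
                    src=rec["src"],
                    new_source=rec["src"] not in st.sources,
                ))
            st.devices.setdefault(rec["device"], rec["ts"])
        st.sources.add(rec["src"])
    return alerts


if __name__ == "__main__":
    for a in detect_extra_devices(SAMPLE_LOG):
        where = "from a never-seen address" if a.new_source else "from a known address"
        print(f"{a.ts} {a.user}: new device {a.new_device} enrolled {where}; "
              f"already holds {a.existing_devices}. Call the user and confirm.")
```

The rule deliberately does not try to decide whether the second phone is legitimate; the page's point is that a person looked at the discrepancy and asked. The `new_source` flag is there only to help triage which alerts to call about first.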
Create a security culture.
The most effective way to develop vigilance within your organization is to establish a regular security awareness training program that ultimately creates a culture of security. When people understand what to look for and how to report suspicious messages or activity, they have a much better chance of quickly identifying breaches and other incidents.
At the end of the day, preventing sophisticated attacks like this one is very difficult. It is imperative to keep training staff and to encourage vigilance, but this has to be combined with real-time network and traffic monitoring and the right mix of security tools.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
Title: "What lessons have we learned from the alleged Russian hacking of SolarWinds and other U.S. agencies and companies?"