There has been a not of news about the SolarWinds hack out there and it can be tricky for non-tech people to understand. We’ve put together this short primer to help the layperson understand what’s going on and what companies should be doing about it.
What is SolarWinds?
SolarWinds Orion is a collection of monitoring & management tools. This allows IT departments track and control large networks of computers. They use it to optimize usage, look for problems, and keep a companies computers all running smoothly.
This software from SolarWinds was exploited by hackers. Since the purpose of this software is to provide full control over a companies network, you can imagine why people are so concerned. It gives a hacker access to everything.
How bad is it?
Pretty bad. Though a cybersecurity expert could probably let you know if you downloaded the hacked SolarWinds update, there is no real way to see if hackers have actually exploited it. Any malicious use of the network will cover up its own activity.
How do companies fix it?
Unfortunately, the only way to be sure that the malicious software is gone is to rebuild the network. This sounds dramatic, but some high-security institutions do this routinely to make sure their networks are clean.
We highly recommend anyone in an industry with strict compliance requirements, like HIPAA to do this right away. If left unaddressed, they could be liable for malicious activity that might occur months from now.