It has been a year since the U.S. government publicly acknowledged that SolarWinds, a widely used software in the public and private sector, has been hacked, compromising the data of thousands of users across the globe.
It was one of the worst data breaches in history. What are businesses and the US government doing to prevent a similar situation from happening again a year later? When asked that question, cybersecurity experts who spoke with FOX Business said they were unanimous in their answer: not a lot.
Nothing has changed. Nothing is different. Bruce Schneier, a technologist and lecturer at Harvard's Kennedy School, said we're still vulnerable.
Schneier believes that cybersecurity is played into the hands of U.S. adversaries because of the inaction on Washington and its failure to regulate it.
SolarWinds was a random infrastructure company that nobody knew they had. This thing is critical to the Russians. We get everybody. We hack that. The Russian Foreign Intelligence Service, or SVR, was a hacking group that was behind the attack, according to the U.S. authorities. Russia hasn't been involved in any way.
At least nine federal agencies and dozens of private sector companies were affected by the hack. Since then, other hacks have highlighted vulnerabilities in the U.S. public and private sectors.
The SolarWinds are responsible for the fallout. Adam Levin, co-founder of credit.com and host of the podcast What the Hack with Adam Levin, said that people were really taken aback by how many organizations could be in harm s way based on the compromise of a platform they were all using. Levin said that cyber attacks will always be a reality as long as criminals look for ways to make quick money. He said that more people need to realize that they are just as prone to having their data breached as large corporations and governments.
We have so many people, whether or not they are their consumers or businesses that go, why would anyone care about me? I'm very small, or a business says. I am in a particular niche. Levin said something. You're in a dangerous neighborhood every time you go online and that we're going to be constantly under attack. Jayson E. Street, founder of InfoSec at SphereNY and author of Dissecting the Hack, said companies need to be vigilant about protecting their data from future attacks.
So many companies are so focused on looking for the attacks to come outside and trying to protect their network from external threats, but they are not doing enough to educate their employees and IT staff on signs to look out for data going out of the company, Street told FOX Business.
Street stressed that a cultural shift is needed to make people aware of the ever-present dangers of cyber-attacks.
Street said that you're not being targeted because of who you are because you think it can't happen to you or that you're not a big enough target. On the Internet, you are just a number, you are just an IP address that an attacker is scanning.