SolarWinds Is One of Many Cyberbreaches to Come

SolarWinds Is One of Many Cyberbreaches to Come

Early last week we wrote about SolarWinds and the potential for another leg to drop. SolarWinds has a long road to recovery. Cyberbreaches of that sort don’t engender customer trust and often lead to significant customer churn. What other companies may be at risk of a cyberbreach?

Tickers mentioned: AMZN, AVGO, CERN, EFX, EXPGF, FICO, GOOG, MA, MSFT, NOW, ORCL, PYPL, ROP, SPLK, SQ, SWI, TRU, TYL, V

  • Earlier this month we wrote aboutCyberSecurity As A Competitive Differentiator“. It is insufficient to license a cybersecurity vendor’s services and to consider the subject “mission accomplished”. Companies ought to take a proactive approach to cybersecurity with dedicated C-Level executives and cybersecurity teams.
  • Threats are becoming increasingly sophisticated. Nefarious actors simply require one weak spot to exploit. It doesn’t help when companies make it easy for bad actors. For example, AWS had a configuration problem that led to a breach at Capital One last year. SolarWinds suffered from a variant of the all too common administrative “password123” phenomenon. This lazy, risky approach to password protection is common among IT professionals.
  • Healthcare providers and Government agencies (State & Local, including public schools) are obvious targets for hackers. Both industry verticals are rich with PII data and often lack robust cybersecurity protocols. Cerner, Epic, Deltek/Roper Tech and Tyler Tech are a few examples of the many potential entry points for hackers within these verticals.
  • Infrastructure Software firms are obvious cyberbreach targets. Infrastructure offerings underpin many third-party applications and therefore provide access to treasure troves of data. AWS, Azure, BMC, CA/ Broadcom, GCP, Oracle, ServiceNow and Splunk to name a few.
  • Fintech companies are targets. Companies including Mastercard, PayPal, Square, Stripe and Visa (we recently wrote about hacks at Square).
  • Identity Management firms are ripe for attack. These firms store PII data and are therefore obvious targets. They include Equifax (breach suffered in 2017), TransUnion, Experian and FICO among others.