70% Of Companies Were Affected By The SolarWinds Attack

Share post:

A survey by IronNet’s Cybersecurity Impact Report 2021, based on interviews with 473 IT decision-makers from the U.S., U.K. and Singapore, found that 90% of respondents said their security had improved in the last two years, but 86% suffered attacks large enough to require a meeting of corporate C-level executives or boards.

The survey also found that 70% of the companies surveyed felt the effects of the SolarWinds attack:

  • Significant impact: 31%
  • Slight impact: 39%
  • Small impact: 15%
  • No impact: 15%

The study asked about the financial impact of the attack and found that the average impact was 11% of annual revenue or about $12 million per company.

Businesses in the U.S. reported an average impact of 14% on annual revenue, with averages in the U.K. and Singapore of 8.6% and 9.1%, respectively.

The survey also revealed that 67% of companies have begun to share information with their technology counterparts, and 50% have begun to share more information with government officials.

Companies in Singapore were 57% more likely to share information with governments, followed by U.S. firms at 53% and U.K. firms at 43%. Barriers to this exchange include:

  • Concerns about privacy and liability
  • The lack of an automated or standardized mechanism for sharing information with peers
  • Shared information may not be timely or relevant when companies receive it

In addition, the attack also forced companies to rethink supply chain security: 42% of companies have already modified it, according to the survey.

A recent White House memo recommends companies take these steps to reduce the risk of cybercrime, namely ransomware:

  1. Implement key best practices such as multifactor authentication, endpoint detection and response, data encryption to render stolen data unusable, and a qualified security team that can quickly fix vulnerabilities and share threat information.
  2. Back up your data and keep it offline.
  3. Immediately deploy critical patches and consider a centralized patch management system complemented by a risk-based assessment strategy.
  4. Implementation and testing of an emergency plan.
  5. Put business functions and production or production processes on separate network segments and restrict Internet access to company networks.

For more information, read the original story in TechRepublic.


Related articles

Cyber Security Today, Week in Review for week ending Friday May 17, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, May 17th,...

Cyber Security Today, May 17, 2024 – Malware hiding in Apache Tomcat servers

Malware hiding in Apache Tomcat servers, new backdoors found, and more Welcome to Cyber Security Today. It's Friday, May...

MIT students exploit blockchain vulnerability to steal 25 million dollars

Two MIT students have been implicated in a highly sophisticated cryptocurrency heist, where they reportedly exploited a vulnerability...

Cyber Security Today, May 15, 2024 – Ebury botnet still exploits Linux servers, Microsoft, SAP and Apple issue security updates

The Ebury botnet continues to exploit Linux servers, Microsoft, SAP and Apple issue security updates, and more. Welcome to...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways