EXECUTIVE SUMMARY:

Last week, an IT monitoring and management tool company experienced a cyber breach, and its customers are now contending with the fallout.

The cyber attacks impacted who, exactly?

The hackers appear to have leveraged a “supply chain attack”, embedding malicious code into legitimate software updates that were delivered to the targeted organization’s customers.

Enterprises around the world have felt the effects of this cyber attack. Victims include government agencies, consulting groups, tech firms, telecom operators, and extractive entities across four continents.

One cyber security firm reports that a huge global hacking campaign, of which this attack was a component, has been identified. The campaign is intended to launch network hacks into public and private organizations via “the software supply chain”.

How massive is this cyber security emergency, really?

A US emergency directive requests for all federal agencies operating the affected software to report that they have shut down the software by noon, Eastern Time, on Monday. Both the US Treasury and the US Commerce Departments experienced disruptions and breaches due to this attack.

A Commerce department spokesperson stated that “We have asked CISA and the FBI to investigate, and we cannot comment further at this time.”

The affected technology is also used by many other high-profile groups. The Financial Times reports that “almost all” Fortune 500 companies rely on it.

The full extent of the damage induced by this cyber attack has not yet been fully assessed and reported. Months of detective work may be required.

The domino effect is real.

Protect your organization and affiliated entities. One organization’s cyber security policies, tools and best practices can dramatically impact business outcomes for customers and partners.

Here’s what your organization can do today in order to protect against cyber attacks:

1. Encourage all employees to use complex and different passwords for digital accounts. Request for employees to use passwords in the business environment that are dissimilar from personal passwords used for Gmail accounts and Netflix.
2. Suggest that employees reflect on which US government sites they’ve accessed in recent months (if any), and that they change their passwords. Sites for US social security benefits, the IRS’s website, and the Small Business Administration’s website should be included in this calculous.
3. Look out for notifications from US government agencies (and be sure that these are authentic) stating that corporate information may have been compromised.
4. Invest in top tier cyber security and get the latest security tools.

For more on this breaking story, visit USA Today.