COVID-19 is not the only virus to worry about

Jan. 28, 2021
Cyber threats continue to pose a great threat to businesses of all kind. But more concerning that a cyber attack is a lack of planning how your business will react when — YES, when — one happens to your business.

With all the attention and coverage given to the pandemic and the associated financial crisis, it is easy to forget that other major stories impacted businesses in 2020. The year ended with headlines about a massive cybersecurity event, allegedly perpetuated by Russian actors and distributed by way of previously benign software updates from SolarWinds in a product called Orion – a “powerful and scalable IT management and monitoring platform.” It has been learned through the forensic investigation that the implanted malware was first introduced in October 2019 and lay dormant and undetected on the SolarWinds servers for months. Like asymptomatic victims of COVID-19, as many as 18,000 customers of SolarWinds had the malware and didn’t know it because nothing bad happened.

Beginning in March of 2020 the virus was instructed to do what viruses do – spread. And the method of distribution was the Orion software updates that SolarWinds customers count on the keep their technology current and guarded against the latest cyber threats. One customer, FireEye, supplies technology and tools to protect their clients, including many US government agencies and large businesses against malware.

It was FireEye that first detected the attack when they investigated the theft of some of their own IT penetration testing tools. The notable thing about FireEye’s role in this cyber incident is their customer list. FireEye is a software used by some US government agencies and large businesses to protect their environments against cyberattack. The U.S. Cybersecurity and Infrastructure Security Agency revealed that “fewer than 10” Federal agencies have been affected by follow-on activities tied to the attack. In addition to U.S. Commerce, Homeland Security, State and Energy departments, other targeted organizations include Iowa State University and Hilton Grand Vacations. That’s a lot of trouble to get out of your time-share.

The lesson of this real-life parable is that cyber threats continue today and pose a greater threat to government and corporate computing environments than ever before. There are a lot of threats and challenges competing for the attention of business decision makers. But few of them can put you out of business as fast and fully as a cyber attack and an inadequate response.

About a year ago I wrote about the experience of GCommerce and their response to a ransomware incident. It took several days to recover fully from the incident and today the company is protected by multiple, redundant layers of security and protection. Also new, are the multiple warm back-ups to enable full recovery from any future incident in hours – not days.

GCommerce President and CEO, Steven Smith made good on his commitment to “pay it forward,” share lessons learned and shine a bright light on this terrible threat to the continuity, and even existence, of businesses of all size. An informative webinar was produced featuring cybersecurity experts from the aftermarket. The recording is still available freely at www.gcommerceinc.com/cybersecurity

The longest lasting by-product of the cyber incident was for GCommerce to become a Lifetime Trustee of the University of the Aftermarket Foundation and the creation of a new class of scholarships for students studying in the fields of cybersecurity or information technology. The National Initiative for Cybersecurity Careers and Studies reports that the demand for cybersecurity experts is growing 12 times faster than the current U.S. job market. The U.S. Department of Commerce estimates there will be as many as 3.5 million unfilled positions by 2021. More information and the scholarship application can be found at https://uofa-foundation.org/

The largest security breach ever was discovered a few months ago and, ironically, capitalized on the tools and vulnerabilities of security software companies to spread. Take a few minutes away from COVID-19 matters and other challenges of today and ask really hard questions of your IT team about your cyber prevention and disaster recovery measures. Educate yourself and support the education of the next generation of leaders in how to deal with a completely different kind of virus infection.

About the Author

Scott Luckett | Chief Information Officer, AAIA

Scott Luckett is vice president, industry strategy for GCommerce, Inc. where he has responsibility for industry partnerships and major account development. Previously, Luckett rose through several positions at the Auto Care Association over 17 years and as CIO had responsibility for the Technology Standards Committee, the Telematics Task Force and the National Catalog Managers Association (NCMA). Before Auto Care, Luckett was an executive at a local automotive WD and prior to that was a top sales producer for Triad Systems (now Epicor). Luckett is a recipient of the Northwood University Automotive Aftermarket Management Education Awards and the Northwood Founders Service Award for his contributions to training and education in the Auto Care Industry.

About GCommerce
GCommerce connects over 1,200 suppliers with 600 retailers and wholesalers, exchanging in excess of 2 million transactions monthly. The GCommerce Virtual Inventory Cloud (VIC) is a powerful supply chain visibility solution to support drop ship and special orders. PBEPRO is a repository of rich, PIES-compliant product content for non-application product categories. GCommerce also offers an online web commerce platform, AutosoEZ, and a robust order fulfillment and shipping management application called Fulfillment Master. GCommerce is Driving Digital Commerce. Contact GCommerce at (515) 288-5850 or write to [email protected] to learn more.

Sponsored Recommendations

The impact of electric vehicles on the automotive market

Steps to help prepare your shop for electric vehicles.

The benefits of digital inspection tools

A good diagnostic tool arsenal should help you complete jobs faster and more efficiently.

Tool Review: Mayhew Tools 14-pc Micro Hand Tool Set

Reviewed by Benedict Grubner, technician at Mercedez-Benz of Burlington in Burlington, Massachusetts.

Big-Time Boxes: Korey Wong, Mac Tools

Although this technician works out of his service truck most days, he’ll never give up on his customized jack-o'-lantern-colored Macsimizer.

Voice Your Opinion!

To join the conversation, and become an exclusive member of Vehicle Service Pros, create an account today!