He admits that it is difficult to find experienced threat hunters, especially for small and medium-sized businesses. “But there are many things that a smaller organization can do to get started. It's not something you have or don't have - it's a continuum. ”
If something like SolarWinds happens, he says, all we need is to be able to read the reports, think about what happened, assess how these threats can appear in your organization, and then apply that knowledge. "That's it - the secret is just getting started," says Orlando. "This tends to be a challenge for medium and small organizations."
Companies can also bring in consultants or service providers or train their existing staff, says Orlando. "This is something that can be a minimal investment, but it can really be worth it by making you more resilient to these types of attacks."
It is not just security teams that can benefit. "If you have software development teams and system administrators, make sure they are up to date on modern cyber threats," says Orlando. “They are at the forefront of maintaining other systems and software like SolarWinds, and they may be in a good position to identify something that doesn't seem right. "
Usually, companies hire IT Specialists to solve technical problems, such as computer systems, software, hardware, networks, cloud platforms, etc.