The attack against Mimecast and their secure connection to Microsoft's Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached Solarwinds and multiple government agencies. This shows the skill and tenacity State and State sponsored actors can bring to bear when they are pursuing their agenda.  Against this sort of opponent, civilian organizations will need to up their game if they don't want to become the next headline. Basic cybersecurity is not enough.  Organizations need to employ industry best practices, and then go farther with user education, programs to review and update their security, and deploying best in breed security solutions, including security analytics. The long term advantage is that defenses designed to resist a State level attack should be more than enough to thwart the more common cybercriminal.