When it comes to a security breach, scope is everything—and the current Solar Winds hack has the government in its crosshairs.

When it comes to a security breach, scope is everything—and the current Solar Winds hack has the government in its crosshairs.

It started on December 8th, when cybersecurity incident response firm FireEye announced they had come under attack. Roughly 300 proprietary software tools were stolen, in use by the company and their clients to assess and secure their IT security protocols.

Five days later, the network management software firm SolarWinds reported an expansive breach. Hackers had injected a strain of malware into the software updates for their Orion platform, which provides IT security monitoring U.S. federal agencies and a number of Fortune 500 companies.

The SEC filing reports that of SolarWinds’ 300,000 customers, some 18,000 were at risk of having a compromised version of the Orion product. FireEye’s investigation into the malware revealed that Orion had first fallen victim in March of this year, and that its own breach was a result of compromised Orion software.

The hack isn’t short on national security implications—the SolarWinds attackers managed to read communications from the U.S. Departments of Treasury and Commerce, and computer networks at the Department of Homeland Security faced infiltration. As soon as SolarWinds disclosed the attack, CISA relayed an emergency directive for all agencies to disconnect their Orion software.

Containment is key in the event of a large breach like the SolarWinds incident, but what else can we learn? How much of the SolarWinds breach is a cautionary tale, and how much of it is the reality of living in an ever-evolving threat landscape?

Any Way The Wind Blows

If anyone understands the importance of having verified third-party IT security providers, it’s the federal government. But the SolarWinds incident proves that vetting the middleman isn’t enough. Providers use other providers, so familiarizing yourself with your partners’ security protocols is just as essential to your organization’s security as is attending to your own.

For instance, SolarWinds clients were compromised not by malware in the Orion platform, but malware in the software used to update the Orion platform. The threats inherent in using third-party software can be mitigated with frequent security scans, as well as ensuring your scanning tools are best-of-breed, whether your own or those of your IT security provider—otherwise, you risk a false sense of security that leaves you vulnerable.

Security breaches don’t just threaten your sensitive data—they also put your reputation in jeopardy. With SolarWinds under scrutiny for stock sales and leadership changes just days before they disclosed the incident, it’s important to consider how your organization will manage publicity and communication in the wake of a major cyberattack.

Honesty remains the best policy, both within your organization and outside of it. Maintaining an open line of communication with your IT security team, provider, or both is important for your organization’s general security, as is immediately reporting suspicious or unprecedented activity internally and to any connected vendors.

Quick, concise, and effective communication to potentially affected clients and customers will give you additional credibility in the eyes of the public. Your efforts in quick assessment of an unpredicted cyber threat should reflect a keen knowledge of your internal security protocols, attention to your highest priority data and systems, and rapid crisis response to contain negative impact and re-secure your environment.

Security On All Levels

As a partner to organizations that hold highly sensitive information and rely on secure operations, we care about the quality and depth of our service as much as you do. Our award-winning tools and customized solutions are cutting-edge, independently validated, and globally recognized—providing you accurate results and true protection.

Worried about malware slipping through the cracks? Consider our highly cost-effective Network Vulnerability Assessment for year-round on-demand scanning and real-time solutions.

For more information, contact us today.