4 Mar 2021
In December 2020, the IT security world was rocked by an announcement from network management firm SolarWinds: they had suffered a devastating cyberattack. With a strain of malware infecting software updates for their Orion platform, a program that provides security for U.S. federal agencies and Fortune 500 companies, SolarWinds faced a breach that put thousands of their customers in hackers’ crosshairs. Months later, the attack is ongoing, and the House Oversight and Homeland Securities committees believe a Russian hacking group is to blame. While President Biden is reportedly considering imposing sanctions on the suspects, for SolarWinds, the fight for SolarWinds to recover its security and reputation is just beginning. For the rest of us, the lessons of this cautionary tale are here to stay. As we ready ourselves to examine the lessons from this cyber-nightmare, we already see how the feds are reacting. The scope, prominence, and peril of the attack have the U.S. government entirely reevaluating the way it thinks about IT security—that means your organization has the opportunity to do the same. So today, we ask:
- What were the victims of the SolarWinds hack lacking?
- What vulnerabilities did they expose?
- And in the end, what can the IT security world take away from the SolarWinds attack to prevent such damage in the future?
1. Missing Cybersecurity PersonnelIT security has been relevant since the inception of the Internet, but only recently has it started to take on a life of its own in work environments. Federal agencies dealing with the SolarWinds hack didn’t necessarily have designated teams or personnel to address sudden and unexplained breaches, as issues of federal compliance have made clear. The fact is that not every entity has a devoted IT security team, and those that do exist are often underfunded, understaffed, or otherwise lacking the means to prevent, much less respond to, serious cyber-threats. Allocating resources is a difficult part of any executive’s job, but if there’s one thing the SolarWinds hack has taught us, it’s that setting some aside for IT security is a worthwhile investment. Does your organization have a team? How are they equipped, and do they stay apprised of developments in the IT security world? Diverting the complex responsibilities of IT security management to a designated few employees with deep experience as well as a commitment to emerging threat awareness will ensure that you have somewhere to turn if something malicious attempts to infiltrate your operations.
2. Disjointed Lines Of CommunicationThe SolarWinds hack was unusually expansive in its tactics: the attackers infected the company’s Orion update, then let SolarWinds customers download the malicious update, and went on to select targets for the next step of intrusion. When malware affects a supply chain, it requires a swift and coordinated multi-step response, which relies upon a pre-defined and clear pipeline for communication—something CISOs work to develop and trigger when needed. But if you’re a smaller or mid-sized organization, you may not have a CISO, so what can your organization do to keep communication clear in the wake of a cyberattack? For one, step outside your organizational bubble and share what you know to your supply chain partners. This type of information security may be on the brink of being mandated; IT security leaders have expressed an interest in a requirement for companies to share timely reports on digital intrusions with the federal government, so others at risk can go into defense mode promptly and reduce negative impact. You can also ensure that your systems have a means of efficiently detecting malicious entities and alerting you when they do, a job 24/7 vulnerability scanning is designed for, then designating employees or teams to be on the ready for immediate next steps. Which brings us to…
3. A Scrambled ResponseOne of the House committee’s major priorities is establishing a strong and unified response against the SolarWinds hackers. They hope to take this opportunity to craft legislation that draws a line between acceptable and unacceptable international espionage, as well as holds cyberattackers accountable for malicious campaigns too massive to ignore. While your organization may not have the authority to impose consequences on your attackers (although it’s another story if those attackers are insiders), you can still proactively define a response plan in case of intrusion. When hackers target your systems, you should know which of your assets are the most vulnerable and therefore at the most risk, have backup systems ready in case the attack disrupts your operations, and prepare to deploy a cyber resilient recovery plan to withstand damage to your data, your organization’s functionality, and its reputation alike.
3 Ways to Defend Against Emboldened HackersWe’ll never know where the next SolarWinds will be, but hackers worldwide have taken note at the “success” of this attack and are, if anything, emboldened. While investing in your IT security today may feel like a budgetary stretch, it will always make a difference tomorrow—and one that’s ultimately enormously cost-effective. Here are some important, yet affordable options to consider for 2021…
- Vulnerability Assessment and Management provides you 24/7-365 scanning, so even if it’s well between annual assessment time for your organization, you can detect and head-off emerging threats in real time, as well as alert supply chain partners.
- When it is annual assessment time, work with a partner who goes well beyond just the regulations in examining your environment, because that’s where hackers are more likely to target. A rigorous and highly accurate IT Security Assessment should provide a 360-degree review of your organization’s processes and technology that provides a complete understanding of your risk status. Our experts at BAI Security offer an evaluation of the maturity of your current IT security capabilities, thorough identification of your systems’ vulnerabilities, as well as fully customizable add-ons, including:
- Vulnerability and Penetration Testing
- Extensive Firewall Evaluation
- Antivirus Best Practices Evaluation
- Network Security Best Practices Evaluation
- Remote Location (Branch) Evaluation
- Remote Access Evaluation
- Wireless Security Evaluation
- Don’t forget the power of enabling your first line of defense—your employees. Begin fostering your human firewall and reduce risk by as much as 91% by enhancing your IT Security Assessment with a Social Engineering Evaluation.