SolarWinds manages various parties engaged in reaction and recovery operations to restore business equilibrium
In a world where every Fortune 500 company is essentially a software company, the SolarWinds hack has proven to be a significant wake-up call for cybersecurity and supply chain integrity.
The historic attack on SolarWinds, a legacy network management provider, exposed the vulnerabilities in an outdated build process, making it the poster child for overhauling such practices. The compromise affected at least 100 companies and nine federal agencies, disrupting upwards of 16,000 computer systems worldwide, according to White House estimates.
FireEye, a leading cybersecurity firm, handled the incident admirably, discovering the entire campaign and breaking it open. The attack on FireEye, however, was likely a case of hubris on the part of the perpetrators: FireEye was alerted when they attempted to create another multifactor token for an existing employee.
SolarWinds is cooperating with federal law enforcement, private industry investigators, customers, insurers, and other stakeholders in the aftermath of the attack. Tim Brown, CISO of SolarWinds, suggests treating employees with mission-critical access as a tiered model. SolarWinds also recommends moving development engineering controls under IT, audit, or inspection. Companies need to revisit security policies around the build cycle.
Many cyber incidents go unreported, which makes it challenging to continuously improve information sharing. This concern extends beyond SolarWinds, as cyberconflict is closing in on the private and public sectors equally. Enterprises are nation-state targets 35% of the time, compared to governments or regulatory agencies at 12%.
The SolarWinds hack is being viewed as a risk issue, not just a technical security issue. Tech providers, including SolarWinds, can struggle with access management due to an underlying belief that frontline employees need control and modification freedoms for their environments. It's hard to reset access when adding people in different business units that don't need that kind of access.
One of the most impressive cyber espionage campaigns, the SolarWinds hack has been linked to Alex Stamos, a renowned cybersecurity expert. While Stamos is not directly associated with a group named "Krebs Stamos", he has worked for large corporations in the past and is well-known in the cybersecurity field. Brian Krebs, a famous cybersecurity journalist, has also covered SolarWinds-related topics, but there is no information available regarding a professional connection between Stamos and Krebs in relation to SolarWinds.
Companies often keep things close to the chest after a cyber incident, but SolarWinds is juggling the motivations of various stakeholders while keeping the business resilient. This transparency is commendable and serves as a model for other companies facing similar challenges. For specific information about cybersecurity consultants working for SolarWinds, it would be advisable to consult the official SolarWinds website or press releases for more detailed information.
The U.S. has been involved in supply chain attacks, such as the Juniper Systems case in 2015. This underscores the importance of vigilance and proactive measures in securing the digital infrastructure of companies and nations. As we navigate this new landscape, it is essential to remember that the best defence is a combination of strong prevention technology, robust recovery and restoration capabilities, and a culture of transparency and continuous learning.