The Ritz Herald
The U.S. Department of Justice is one of many U.S. government agencies whose systems are said to have been targeted by hackers who inserted malware in SolarWinds Orion software. © Bloomberg Finance LP

SolarWinds Breach: Supply Chain Attack Means Security Departments Need More Resources to Manage Risk
Organizations impacted by SolarWinds breach need long-term strategy

Published on December 22, 2020

DMI, a leading digital transformation company, urges organizations impacted by the SolarWinds breach to consider their long-term approach to managing risks while working to resolve the current situation. Orion, the SolarWinds product that was recently hacked, provides centralized monitoring across an organization’s entire IT stack and is widely used by U.S. federal agencies and other major corporations.

“This supply chain attack is concerning because it piggybacked on an otherwise trusted software update,” said Alan Hendricks, senior director, cyber at DMI. “The process meant to reassure users that the software could be trusted was compromised, and organizations are going to have to develop a long-term strategy for managing risks with third-party vendors.”

What should organizations do after an attack of this magnitude?
In the short term, Hendricks said any organization that uses the SolarWinds product must immediately take steps to resolve the core vulnerability by taking the tool offline and implementing the vendor patch. Additionally, organizations must conduct forensic analysis to determine the level of infiltration, data exfiltration, affected devices, and compromised systems.

Once these immediate steps have been taken, organizations must develop a long-term strategy to prevent future occurrences. Considerations include, but are not limited to: ensuring the network is segmented in a manner that restricts movement between systems; vetting product and service vendors to ensure they meet or exceed cybersecurity controls and operational standards; implementing data loss prevention capabilities; reviewing and updating security policies and procedures; and ensuring incident response, continuity of operations, and disaster recovery plans are developed, tested, and implemented.

“It is critical organizations utilize threat intelligence tools and processes to help identify supply chain compromises to identify potential threats and vulnerabilities, and plan for appropriate mitigation measures to prevent similar attacks,” Hendricks said. In layman’s terms, he explained, security departments must have personnel, processes, and tools necessary to manage the risk associated with using third-party vendors. Supply chain risk assessments are critical to ensure vendors perform due diligence and implement industry best practices for security standards and controls.

When developing incident response plans, Hendricks said, organizations must engage their suppliers. Both parties need to have plans to notify the other if their network, systems, or data have been compromised or a compromise is suspected. Organizations must review and monitor vendor access and review system logs regularly. This includes change management controls that regulate updates and other modifications that go into production.

Hendricks added that organizations should also implement reliable backup measures to ensure data is available for recovery operations and that the backup systems themselves are not at risk of compromise. These measures should include real-time notification and resolution of backup failures and regular testing of backup restoration.

Seek Outside Help
Many organizations do not have the skilled expertise, tools, or other resources necessary to accomplish this independently and will benefit from outside IT expertise. DMI provides the required support and resources to gain and maintain a real-time understanding of current security posture, design and implement end-to-end cybersecurity, and quickly recover from major security incidents.


Staff Writer