Insights and actions in the wake of the SolarWinds hack

What makes this breach noteworthy?

• Access likely was through manipulated accounts and deconstructed log files
• Attacks leveraged strong obfuscation in memory, enabling attackers to avoid detection and experience significant dwell time before discovery
• The attackers installed malicious code into a legitimate library running outside expected system processes
• The malware is thought to have been propagated with a patch and likely leveraged trusted code injection points
• The breadth and magnitude of the attack highlights strong interconnectivity between organizations across the public and private sectors and throughout their physical and virtual supply chains

Lessons learned from the Solar Winds attack

Cyberattacks call in to question an organization’s ability to trust its cyber defenses, supply chains, and partners, as well as its ability to respond effectively. When trust is a cornerstone of business operations and a strategic imperative, security decisions and efforts impact productivity, revenue, and broader organizational value.

Organizations should prepare for a future in which similar attacks are increasingly common and consider a vigorous emphasis on embedding cyber and trust into business practices may be better poised to be resilient.

Set YOUR standard of care based on your circumstances: Your cyber and risk practices should correlate to your individual risk profile and appetite

Understand your business ecosystem: Know who you're in business with and recognize that their security and the security of their vendors may impact your organization

Adopt a Zero Trust mindset: Assume a breach is possible, verify every user, transaction or request and do not presume trust

Pioneer security by design: Embed security into the SDLC from code design to production with DevSecOps

Prioritize response and recovery: Place as much importance on response and rebound efforts as you do on prevention and detection

Take the offense: Modern security principles (e.g. AI – enhanced threat hunting) can help you take a proactive approach

How Deloitte can help

Deloitte helps clients design build, and operate dynamic, business-aligned security programs for each stage in their cyber journey. Services that aligned to breach response efforts include, but are not limited to, the following:

• Threat Detection & Response
• Cyber Threat Intelligence & Threat Hunting
• Cyber Incident Response & Remediation
• Third-Party Assessments & Program Design
• Zero Trust Transformation
• DevSecOps “Security DesignedIn”
• Identity & Access Management (IAM), PAM, and Credential Risk Assessment & Implementation
• Governance, Risk, & Compliance (GRC)
• Data & Privacy Centric Defense –Risk & Regulatory
• Forensic Investigation, Response, & Recovery