Insights and actions in the wake of the SolarWinds hack has been saved
Insights and actions in the wake of the SolarWinds hack
A new precedent in supply chain attacks
SolarWinds attack sets a new precedent in magnitude of impact and ability to evade traditional defense mechanisms, forcing leaders to ask what prevention, detection, and response efforts will ever be enough?
The imperative for action has arrived
SolarWinds is set to be one of the most prolific cyberattacks in recent history due to its magnitude, methodology, and sophisticated obfuscation. Attackers were able to evade mature cyber defenses, going undetected for months. As impacts from this event continue to unfold, leaders should consider programmatic changes to prepare for a future in which similar attacks are increasingly common.
What makes this breach noteworthy?
- Access likely was through manipulated accounts and deconstructed log files
- Attacks leveraged strong obfuscation in memory, enabling attackers to avoid detection and experience significant dwell time before discovery
- The attackers installed malicious code into a legitimate library running outside expected system processes
- The malware is thought to have been propagated with a patch and likely leveraged trusted code injection points
- The breadth and magnitude of the attack highlights strong interconnectivity between organizations across the public and private sectors and throughout their physical and virtual supply chains
Lessons learned from the Solar Winds attack
Cyberattacks call in to question an organization’s ability to trust its cyber defenses, supply chains, and partners, as well as its ability to respond effectively. When trust is a cornerstone of business operations and a strategic imperative, security decisions and efforts impact productivity, revenue, and broader organizational value.
Organizations should prepare for a future in which similar attacks are increasingly common and consider a vigorous emphasis on embedding cyber and trust into business practices may be better poised to be resilient.
Set YOUR standard of care based on your circumstances: Your cyber and risk practices should correlate to your individual risk profile and appetite
Understand your business ecosystem: Know who you're in business with and recognize that their security and the security of their vendors may impact your organization
Adopt a Zero Trust mindset: Assume a breach is possible, verify every user, transaction or request and do not presume trust
Pioneer security by design: Embed security into the SDLC from code design to production with DevSecOps
Prioritize response and recovery: Place as much importance on response and rebound efforts as you do on prevention and detection
Take the offense: Modern security principles (e.g. AI – enhanced threat hunting) can help you take a proactive approach
How Deloitte can help
Deloitte helps clients design build, and operate dynamic, business-aligned security programs for each stage in their cyber journey. Services that aligned to breach response efforts include, but are not limited to, the following:
- Threat Detection & Response
- Cyber Threat Intelligence & Threat Hunting
- Cyber Incident Response & Remediation
- Third-Party Assessments & Program Design
- Zero Trust Transformation
- DevSecOps “Security DesignedIn”
- Identity & Access Management (IAM), PAM, and Credential Risk Assessment & Implementation
- Governance, Risk, & Compliance (GRC)
- Data & Privacy Centric Defense –Risk & Regulatory
- Forensic Investigation, Response, & Recovery