

Insights and actions in the wake of the SolarWinds hack

A new precedent in supply chain attacks

The SolarWinds attack sets a new precedent in magnitude of impact and ability to evade traditional defense mechanisms, forcing leaders to ask what prevention, detection, and response efforts will ever be enough.

The imperative for action has arrived

SolarWinds is set to be one of the most prolific cyberattacks in recent history due to its magnitude, methodology, and sophisticated obfuscation. Attackers were able to evade mature cyber defenses, going undetected for months. As impacts from this event continue to unfold, leaders should consider programmatic changes to prepare for a future in which similar attacks are increasingly common.

What makes this breach noteworthy?

  • Access was likely gained through manipulated accounts and deconstructed log files
  • Attacks leveraged strong obfuscation in memory, enabling attackers to avoid detection and experience significant dwell time before discovery
  • The attackers installed malicious code into a legitimate library running outside expected system processes
  • The malware is thought to have been propagated with a patch and likely leveraged trusted code injection points
  • The breadth and magnitude of the attack highlight strong interconnectivity between organizations across the public and private sectors and throughout their physical and virtual supply chains

Lessons learned from the SolarWinds attack

Cyberattacks call into question an organization’s ability to trust its cyber defenses, supply chains, and partners, as well as its ability to respond effectively. When trust is a cornerstone of business operations and a strategic imperative, security decisions and efforts impact productivity, revenue, and broader organizational value.

Organizations should prepare for a future in which similar attacks are increasingly common; those that place a vigorous emphasis on embedding cyber and trust into business practices may be better poised to be resilient.

Set YOUR standard of care based on your circumstances: Your cyber and risk practices should correlate to your individual risk profile and appetite

Understand your business ecosystem: Know who you're in business with and recognize that their security and the security of their vendors may impact your organization

Adopt a Zero Trust mindset: Assume a breach is possible, verify every user, transaction or request and do not presume trust

Pioneer security by design: Embed security into the SDLC from code design to production with DevSecOps

Prioritize response and recovery: Place as much importance on response and rebound efforts as you do on prevention and detection

Take the offense: Modern security principles (e.g. AI-enhanced threat hunting) can help you take a proactive approach

How Deloitte can help

Deloitte helps clients design, build, and operate dynamic, business-aligned security programs for each stage in their cyber journey. Services aligned to breach response efforts include, but are not limited to, the following:

  • Threat Detection & Response
  • Cyber Threat Intelligence & Threat Hunting
  • Cyber Incident Response & Remediation
  • Third-Party Assessments & Program Design
  • Zero Trust Transformation
  • DevSecOps “Security Designed In”
  • Identity & Access Management (IAM), PAM, and Credential Risk Assessment & Implementation
  • Governance, Risk, & Compliance (GRC)
  • Data & Privacy Centric Defense – Risk & Regulatory
  • Forensic Investigation, Response, & Recovery
