The SolarWinds security breach, and the resulting spread to the firm’s extensive blue-chip client base, was a wake-up call for organisations worldwide, highlighting the need for increased cybersecurity measures and improved supply chain security. It demonstrated that even the most sophisticated and well-resourced organisations can fall victim to cyber-attacks and emphasised the importance of a proactive and comprehensive approach to cybersecurity.
In December 2020, FireEye, a prominent cybersecurity company, was investigating a breach of its own infrastructure when it stumbled upon something unusual: the attack did not originate from within its network but from its supply chain. Further analysis revealed that the breach was enabled through an update to SolarWinds' IT management software, Orion, which opened a backdoor into the networks of users who had installed the update. FireEye dubbed the malware responsible for the attack "SUNBURST." The subsequent phase of the attack, in which the attackers accessed cloud-based services via the compromised networks, was called "TEARDROP."
As more information came to light, it became clear that the scale of the attack was unprecedented, affecting many high-profile organisations and companies, including Microsoft, Intel, and Cisco. Over 18,000 SolarWinds clients had installed the compromised update. Several US government agencies were also impacted, including the Departments of Homeland Security, Commerce, and Treasury, and the National Nuclear Security Administration.
The breach was ultimately traced back to a group of hackers, allegedly working on behalf of the Russian Government, who had gained initial access to SolarWinds' systems in September 2019. The attack went undetected for 14 months, until FireEye noticed the breach and launched an investigation.
The SolarWinds breach was a stark reminder of the importance of supply chain security and the need for robust cybersecurity measures, including multi-factor authentication, encryption, and incident response plans. The attack also highlighted the need for increased collaboration and information sharing between organisations to better defend against future cyber threats.
Lessons learned from the SolarWinds security breach
In today's globalised economy, supply chains have become increasingly complex, involving multiple vendors and partners across different regions and countries. As a result, multiple potential points of vulnerability and risk must be addressed to ensure the security of the supply chain. Companies can mitigate these risks by implementing best practices such as regular security audits and assessments, vendor vetting and due diligence, data encryption and other security measures to protect sensitive data.
Organisations must prioritise cybersecurity, along with establishing a solid operational resilience framework.
The importance of an Operational Resilience Framework
By implementing a comprehensive operational resilience plan, businesses can better identify and proactively mitigate potential risks and vulnerabilities. This includes measures such as regular testing and updates to security protocols, implementing redundant systems to reduce the impact of any disruptions, and establishing clear communication channels and contingency plans in the event of a cyberattack or other crisis.
A robust operational resilience framework will also help organisations recover quickly from a cyberattack or other disruption, minimising the potential impact on their operations and bottom line.
In today's increasingly connected and digital world, where the threat of cyberattacks and other disruptions is ever-present, operational resilience is essential to any comprehensive risk management strategy, allowing measures to be executed quickly and efficiently in the event of a breach.
Is your organisation operationally resilient? Our consultants have extensive experience in helping clients to assess and build resilience. Get in touch to learn more.