TMCnet Feature
March 03, 2021

Learning From the SolarWinds Hack: What Does It Tell Us About Today's Cybersecurity?

SolarWinds, an American software development company that creates infrastructure technologies for a variety of client companies, was the subject of a widespread cybersecurity attack near the end of 2020. The attack, according to Brad Smith, President of Microsoft Corp. (one of SolarWinds’ clients whose systems were compromised), was one of “the largest and most sophisticated attacks the world has ever seen.”

You may have heard Smith say this on "60 Minutes," the Sunday evening program on CBS.

The attack is still being investigated and fixed. The breach went on for months before it was diagnosed in December of 2020, and engineers are still fishing out the hackers and identifying which systems were compromised.

Clients and their networks and data were ultimately breached via network monitoring software called Orion. According to SolarWinds, approximately 33,000 private and public customers used Orion at the time of the attack, including several United States government agencies and Microsoft itself. U.S. government officials have named Russia as the source of the attack.

While no one can go back in time to prevent this catastrophe, there are some things we can learn from it concerning today’s state of cybersecurity. We spoke with several experts in the network security IT field, and here’s what they had to say.

What Can We Learn From the SolarWinds Attack of 2020?

#1 – Unfortunately, hackers will never slow down.

Carl Fransen of CTECH Consulting Group said it best when he said: “There is a continuous game being played between the threat actors (attackers) and the IT industry (defenders).”

Call this what you will — a contest, battle, a fight for justice, an all-out war — but it seems this is the norm, and it’ll stay that way until it becomes unlucrative to be a hacker. “As new software and innovations are being introduced by the industry,” Fransen continues, “threat actors are continuously finding ways of discovering and exploiting vulnerabilities. This back and forth creates a natural evolution of creating more secure software and promoting better coding practices. This is a case of adversity creating better software.”

#2 – Above all else, detection is key.

Network security is a lot of things. Most people think of it as simply prevention, however. Clients go to network security providers to prevent breaches and attacks completely. They think that if they invest in the proper firewalls and other software components, they can stop all hackers from getting in in the first place.

People like Guy Baroan of Baroan Technologies have a different take:

“The SolarWinds hack just shows how there is NO way to stop someone from getting into your network and data if they want to get in … It is nearly impossible to be so secure that no one can get in.”

While this may sound dismal, the point here isn’t that you should just give up and stop worrying about security. The point is that prevention is only a part of proper security. The other part is detection. Guy continues:

“The most important aspect of all the different security needs for an organization is the need to be able to detect when something is going on. There are still so many organizations that don’t have this in place — the detection part of the security framework.”

Put simply, if SolarWinds had been able to find the breach earlier in 2020, they could've prevented a lot of damage and compromised data.

#3 – Companies need cybersecurity professionals at the helm.

A little-known fact regarding the SolarWinds attack is that at the time of the breach, the company did not have a senior director of cybersecurity or a chief information security officer on staff. In fact, this is quite typical of even large IT companies, says 4IT’s Alexander Freund.

He goes on to say that “quite often, the people responsible for approving a cybersecurity budget are not cybersecurity professionals, and far more often than not, their primary motivation is profitability … We have watched this exact problem play out historically across almost every industry when organizations are free to choose risk vs. profit.”

“If there is a way out, there is a way in.” – Demetrius Cassidy, In The Cloud Technologies

Unfortunately for many companies that simply want to defer their network security management to an IT company and call it a day, ensuring the safety and security of your own data and network systems is a bit more complicated. Naturally, this was the case for clients of Microsoft who didn't realize that even if Microsoft had its security act together, they also had vendors of their own that they were working with. “It … doesn't stop with people who are your immediate vendors,” explains Demetrius. “You also need to examine their supply chains.”

The SolarWinds attack has left companies with a lot of questions. While it’s true that you can never totally guarantee that you won’t be the victim of a cyberattack, you can see clearly the importance of network security and data protection. Especially today, this is not an area where you should put profits above security.
