Key Lessons from the SolarWinds Cyber Attack and How to Be Prepared

When the news broke about the SolarWinds cyber attack, it was clear that this was a breach unlike any we have seen before. From the method of the attack to its sheer scope, this hack has not only affected many in the private sector, but also several government agencies. To highlight the magnitude of this breach, here are some key data points:

  • SolarWinds has 300,000 customers, with fewer than 18,000 having installed the products that contained the vulnerability.
  • The vulnerability was slipped into a SolarWinds update that was released in March of 2020, 9 months before the breach was discovered.
  • Victims of this cyber attack include 425 of the Fortune 500 companies, 10 of the top U.S. telecommunications companies, the top five U.S. accounting firms, hundreds of colleges and universities, and several federal agencies.
  • CISA issued an emergency directive ordering all federal agencies to immediately disconnect any devices with the affected SolarWinds Orion product from their networks.

It was FireEye that initially detected the breach and described the hackers as a highly sophisticated state-sponsored adversary. In a recent joint statement from the FBI, CISA, ODNI, and the NSA, it was announced that the hackers were “likely Russian in origin,” confirming earlier suspicions that the attack was carried out by a state-sponsored hacker group known as APT29 or Cozy Bear.

While we are learning more about this breach with every passing day, the important thing for us to do now is to learn from our mistakes. Below are three key lessons we can learn from the SolarWinds cyber attack, and three ways you can be better prepared against such an attack.

Lesson #1: Cooperation Between the Public and Private Sectors is Key

When it comes to a good cyber defense, more information is always better. There have often been walls built up between the public sector and the private sector, with those in government agencies worried that sharing information with the private sector would compromise their sensitive intelligence, while those in the private sector feel that they provide information without getting anything in return.

However, this SolarWinds attack was identified by a private company and the government brought in private companies to help with the fallout. As Wickr Federal Advisory Board chair Kiersten Todt said, “We must establish a new framework for collaboration that facilitates the ability of the private sector to share its early-warning information with the government so that federal resources are brought to bear against threats that the private sector is not capable of confronting alone.” The more that we can learn to work together and share information, the better we can be at identifying and stopping major cyber attacks like this one.

Lesson #2: Don’t Ignore Third Parties

You can make every correct decision when it comes to securing your network, but it could all be for nothing if you ignore the impact that a third party can have on your system. Hackers can use third-party products as an entry point and then move laterally through your system. While there is no evidence that SolarWinds was negligent in its security, this massive cyber attack is a necessary wake-up call to security professionals everywhere to consider the security of the third-party products they are using. If even one of the third parties you use isn’t taking security seriously, you could be vulnerable to an attack.

Lesson #3: We Need Comprehensive International Laws

Cyber attackers aren’t held back by international borders, but for some reason, our laws are. In order to protect ourselves from future attacks, not only do the private and public sectors need to work together, but more countries need to combine forces. Because hackers operate across jurisdictional lines, they often cannot be properly prosecuted and held accountable for their actions. This leaves very few ramifications or punishments for carrying out such an attack. Again, only together as a global community can we stop the rise of cyber crime. If we try to tackle this problem on our own, we won’t succeed.

As we analyze the lessons we have learned from this attack, the next step is to prepare ourselves for the future. These three tips will help you be prepared if and when the next attack surfaces:

Tip #1: Have a Complete Knowledge of Your System

The time to make sure you know your system is now, not after a breach. After the SolarWinds attack happened, many businesses were scrambling to find out whether they were even using the affected software. You should know everything about your system and any possible attack surfaces. Now is the time to take stock of your infrastructure, software, and supply chains. In order to detect whether you are being attacked, you need a comprehensive understanding of your system and a steady baseline against which to compare any future activity.
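As an added illustration of the inventory-and-baseline practice described above (this is example code written for this page, not a Wickr or SolarWinds tool), the script below compares a per-host software inventory against an approved baseline, reports drift, and answers the question many teams were scrambling to answer: which hosts run a given product. The host names, package names and version strings are constructed sample data, and the inventory format (host to product-to-version mapping) is an assumption.

```python
"""Software-inventory baseline check (added example, not from the original post).

Assumed input: a per-host inventory mapping product name -> version, e.g. an
export from an asset-management system. All sample values below are constructed.
"""

# Constructed sample: the last reviewed baseline and today's observed inventory.
BASELINE = {
    "srv-01": {"SolarWinds Orion": "1.0", "OpenSSH": "8.2"},
    "srv-02": {"OpenSSH": "8.2", "nginx": "1.18"},
    "wks-07": {"Chrome": "87"},
}
CURRENT = {
    "srv-01": {"SolarWinds Orion": "1.1", "OpenSSH": "8.2"},         # version changed
    "srv-02": {"OpenSSH": "8.2", "nginx": "1.18", "netcat": "1.10"},  # new package
    "wks-07": {},                                                  # package removed
    "wks-09": {"SolarWinds Orion": "1.1"},                         # host not in baseline
}


def inventory_drift(baseline, current):
    """Return per-host drift (packages added, removed, or changed) vs. the baseline.

    A host that appears only in the current snapshot has every package reported
    as 'added', because nothing on it has been reviewed before.
    """
    drift = {}
    for host in sorted(set(baseline) | set(current)):
        old, new = baseline.get(host, {}), current.get(host, {})
        added = {p: new[p] for p in new.keys() - old.keys()}
        removed = {p: old[p] for p in old.keys() - new.keys()}
        changed = {p: (old[p], new[p]) for p in old.keys() & new.keys() if old[p] != new[p]}
        if added or removed or changed:
            drift[host] = {"added": added, "removed": removed, "changed": changed}
    return drift


def hosts_running(current, product):
    """List (host, product, version) for every install whose name contains `product`.

    Matching is case-insensitive and substring-based, since vendor names in
    inventory exports are rarely consistent.
    """
    needle = product.lower()
    return sorted((host, name, ver) for host, pkgs in current.items()
                  for name, ver in pkgs.items() if needle in name.lower())


if __name__ == "__main__":
    for host, d in inventory_drift(BASELINE, CURRENT).items():
        print(host, d)
    print("Orion hosts:", hosts_running(CURRENT, "orion"))
```

Run against a daily inventory export, the drift report becomes the baseline comparison the tip calls for; any unexplained entry is a prompt to investigate, not merely to re-baseline.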

Tip #2: Keep Your Systems Updated

This advice might seem counterintuitive, considering that the SolarWinds attack was distributed via a software update. However, in the wake of this attack, many companies are taking a closer look at their security measures and doing whatever they can to prevent this kind of attack from happening to them. This will translate to many new updates being published in the coming weeks. Make sure to install these in a timely manner, as keeping current with updates is still a key way to protect your system. In 2019, 60% of breaches were linked to a vulnerability with an available patch that simply wasn’t applied. This very basic task can have serious ramifications if it isn’t carried out regularly and promptly. Do your future self a favor and keep your systems updated.

Tip #3: Leverage Technology

Now is not the time to trust your gut when it comes to cyber threats. AI can detect a breach far sooner than a person can, and with cyber attacks becoming increasingly sophisticated, we can’t afford not to use these advances in technology. After all, reports show that it takes an average of 191 days to discover a breach. Use AI to your advantage to identify any potential vulnerabilities in your systems and to detect when any activity is out of the ordinary.

When Your Network is Compromised, Trust Wickr

When networks are down, enterprises and government agencies alike trust Wickr. Built by a team of U.S. cybersecurity experts and featuring the highest level of security, Wickr keeps you fully protected while using any of our features, including voice and video calling and conferencing, messaging, file sharing, and more. Our zero trust architecture can tolerate a full back-end breach without compromising message content. Learn more about Wickr today and how we can ensure that your communications stay protected, even in the harshest of environments.