SolarWinds Supply Chain Breach

January 24, 2021

SolarWinds is a software company that primarily deals in systems management tools used by IT professionals. The most widely deployed SolarWinds product is Orion, which is a Network Management System (NMS). SolarWinds stated that its customers included 425 of the US Fortune 500, the top ten US telecommunications companies, the top five US accounting firms, all branches of the US Military, the Pentagon, the State Department, as well as hundreds of universities and colleges worldwide.

How did the SolarWinds Attack Occur?

During the SolarWinds attack, the intruders inserted a backdoor into the build of the SolarWinds Orion platform itself, so that it shipped to customers as a legitimately signed Orion software update and became active once the update was installed. Because the trojanised component carried a valid SolarWinds code-signing signature, ordinary update verification did not catch it. A customer (FireEye, in December 2020) was the first to discover the backdoor, which was soon named 'Sunburst'.
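Since the malicious Orion build passed signature checks, the practical way to tell a clean install from a backdoored one is to compare file hashes against published indicators and against hashes of known-clean builds. The following Python sweep is an added example written for this article, not SolarWinds or SureShield code. It assumes an Orion-style directory tree, and the hashes in its two lookup tables are derived from constructed byte strings so that it runs offline; in real use they must be replaced with the SHA-256 values from the FireEye and CISA advisories and from hashes of known-clean installers.

```python
"""IOC hash sweep of an Orion install directory.

Walks a directory tree, hashes every DLL, and classifies each file as
known-bad (matches a published indicator), known-good (matches a clean
build of a sensitive component) or an unknown build of a sensitive
component that needs manual review.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Optional

# The Orion component that carried the SUNBURST backdoor. Its trojanised
# build was signed with SolarWinds' legitimate certificate, so an
# Authenticode check passes on it; hash comparison is what tells it apart.
SENSITIVE_COMPONENTS = {"solarwinds.orion.core.businesslayer.dll"}

# Constructed stand-ins for real file contents (placeholders, not samples).
DEMO_BAD_BYTES = b"constructed stand-in for a trojanised BusinessLayer build"
DEMO_GOOD_BYTES = b"constructed stand-in for a clean BusinessLayer build"
DEMO_OTHER_BYTES = b"constructed stand-in for an unrelated DLL"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Placeholder indicator tables keyed by SHA-256. Populate these from the
# published advisories and from hashes of known-clean builds.
KNOWN_BAD = {sha256_hex(DEMO_BAD_BYTES): "SUNBURST (placeholder hash)"}
KNOWN_GOOD = {sha256_hex(DEMO_GOOD_BYTES)}


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large DLLs do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(filename: str, digest: str) -> Optional[str]:
    """Return a finding label, or None if the file needs no attention."""
    if digest in KNOWN_BAD:
        return "KNOWN_BAD: " + KNOWN_BAD[digest]
    if filename.lower() in SENSITIVE_COMPONENTS and digest not in KNOWN_GOOD:
        return "UNKNOWN_BUILD: sensitive component not in known-good set"
    return None


def sweep(root: Path) -> list:
    """Hash every .dll under root and return the files that need attention."""
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() != ".dll":
            continue
        digest = sha256_file(path)
        label = classify(path.name, digest)
        if label:
            findings.append({"path": path.relative_to(root).as_posix(),
                             "sha256": digest, "finding": label})
    findings.sort(key=lambda finding: finding["path"])
    return findings


def demo() -> list:
    """Build a constructed Orion-like tree in a temp dir and sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        component = "SolarWinds.Orion.Core.BusinessLayer.dll"
        for sub in ("Orion", "Orion/backup", "Orion/staging"):
            (root / sub).mkdir(parents=True)
        (root / "Orion" / component).write_bytes(DEMO_BAD_BYTES)           # hits IOC
        (root / "Orion" / "backup" / component).write_bytes(DEMO_GOOD_BYTES)  # clean
        (root / "Orion" / "staging" / component).write_bytes(DEMO_GOOD_BYTES + b"\x00")  # tampered
        (root / "Orion" / "Other.dll").write_bytes(DEMO_OTHER_BYTES)        # not sensitive
        return sweep(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding["finding"], finding["path"], finding["sha256"][:16])
```

Point the sweep at the Orion installation directory on each server and treat any UNKNOWN_BUILD result as something to reconcile against the vendor's clean-build hashes before dismissing it; a signature check alone would have cleared the backdoored file.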

The SolarWinds supply chain breach should be treated as critical: the backdoor ran with the privileges of Orion, a network management system that typically holds credentials for much of the network, so a single compromised server could lead to full organizational compromise. It has undoubtedly raised questions about whether your company will be impacted, directly or through a supplier. To help the community understand its exposure, we have assembled a list of seven crucial questions to ask third parties in order to determine their response to this incident. See below for the questions and some possible response options to evaluate risk levels and understand potential third-party disruptions.

  1. Has the organization been impacted by the recent SolarWinds "Sunburst" malware cyberattack? The answer should be a simple Yes or No.
  2. What is the type of impact to the organization as an outcome of this cyberattack? There are four possible answers:
     - Significant impact on the network, IT operations, or security products: the attack has caused systems or infrastructure to stop working or become unavailable, and there has been a loss of confidentiality or integrity of data.
     - High impact on the network, IT operations, or security products: service availability has been periodically lost, some systems may periodically stop, and there has been some loss of confidentiality or integrity of data.
     - Low impact on the network, IT operations, or security products: no loss of confidentiality or integrity of data, and minimal or no disruption of service availability.
     - Little to no impact on the network, IT operations, or security products.
  3. Does it affect critical services delivered to clients? The answer should be a Yes or No.
  4. Does the organization have an incident investigation and response plan in place? The answer indicates one of four levels of maturity, each building on the previous one:
     - The organization has a documented incident management policy.
     - The incident management policy includes rules for reporting information security events and weaknesses.
     - An incident response plan is established as part of incident investigation and recovery.
     - Incident response planning includes escalation procedures to internal parties and communication procedures to clients.
  5. Who is the point of contact that can answer any additional queries?
  6. Has the organization amended existing controls or implemented new controls to rectify and mitigate the impact the cyberattack has had on the business? There are four possible answers:
     - Controls have been identified and implemented to mitigate the impact of the cyberattack.
     - Controls have been identified and are currently being implemented to mitigate the impact of the cyberattack.
     - The organization has identified which controls need to be updated or implemented, but this has not been executed yet.
     - Controls have not been, or cannot be, implemented.
  7. If controls cannot be implemented, is the organization able to execute compensating controls or workaround methods to avoid future cyberattacks? There are two possible answers:
     - Compensating controls or workaround methods have been implemented and have mitigated the impact caused by the cyberattack.
     - The organization has not identified, or is not able to implement, compensating controls to mitigate the impact caused by the cyberattack.

Implement effective IT Risk Management

SureShield is an IT risk and compliance management platform that offers comprehensive Security, Compliance, and Integrity solutions designed to safeguard businesses from cyber threats and ensure regulatory compliance. Our security measures encompass threat detection, incident response, and proactive monitoring to protect sensitive data and systems from unauthorized access.

Check out our website for more information. Also, read our blog on the Kaiser Permanente data breach that shook the healthcare industry and how the meat industry is the latest to be affected by ransomware. It is also helpful to understand the role of whistleblowers in cybersecurity.
