Organizations impacted by SolarWinds breach need long-term strategy
BETHESDA, Md., Dec. 21, 2020 /PRNewswire/ -- DMI, a leading digital transformation company, is urging organizations impacted by the SolarWinds breach to consider their long-term approach to managing risks while working to resolve the current situation. Orion, the SolarWinds product that was recently hacked, provides centralized monitoring across an organization’s entire IT stack and is widely used by U.S. federal agencies and other major corporations.
“This supply chain attack is concerning because it piggybacked on an otherwise trusted software update,” said Alan Hendricks, senior director, cyber at DMI. “The process meant to reassure users that the software could be trusted was compromised, and organizations are going to have to develop a long-term strategy for managing risks with third party vendors.”
What should organizations do after an attack of this magnitude?
In the short term, Hendricks said any organization that uses the SolarWinds product must immediately take steps to resolve the core vulnerability by taking the tool offline and implementing the vendor patch. Additionally, organizations must conduct forensic analysis to determine the level of infiltration, data exfiltration, affected devices and systems compromised.
Once these immediate steps have been taken, organizations must develop the long-term strategy necessary to prevent future occurrences. Considerations include, but are not limited to, ensuring the network is segmented in a manner that restricts movement between systems; vetting their product and service vendors to ensure they meet or exceed cybersecurity controls and operational standards; implementing data loss prevention capabilities; reviewing and updating security policies and procedures; and ensuring incident response, continuity of operations, and disaster recovery plans are developed, tested, and implemented.
“It is critical organizations utilize threat intelligence tools and processes to help identify supply chain compromises to identify potential threats and vulnerabilities, and plan for appropriate mitigation measures to prevent similar attacks,” Hendricks said. In layman’s terms, he explained, security departments must have personnel, processes, and tools necessary to manage the risk associated with using third party vendors. Supply chain risk assessments are critical to ensure vendors are performing due diligence and implementing industry best practices for security standards and controls.
When developing incident response plans, Hendricks said, organizations must engage their suppliers. Both parties need to have plans to notify the other if their network, systems, or data have been compromised or a compromise is suspected. Organizations must review and monitor vendor access and review system logs on a regular basis. This includes change management controls that regulate updates and other modifications that go into production.
Hendricks added organizations should also implement reliable backup measures to ensure data is available for recovery operations and the backup systems themselves are not at risk of compromise. These measures should include real-time notification and resolution of backup failures and regular testing of backup restoration.
Seek Outside Help
Many organizations do not have the skilled expertise, tools or other resources necessary to accomplish this on their own and will benefit from outside IT expertise. DMI provides the required support and resources to gain and maintain real-time understanding of current security posture, design and implement end-to-end cybersecurity, and quickly recover from major security incidents.
For more information on DMI’s full suite of Security Managed Services, please visit https://dminc.com/federal/cybersecurity/.
DMI is a global technology solutions company that specializes in digital strategy, design, transformation and support. Utilizing expertise from six unique DMI Groups, in the areas of AI & Analytics, Commerce, Experience, Managed Services, Transformation, and Government, DMI delivers intelligent digital transformation solutions that meet organizations where they are. Born digital, DMI has been delivering mission-critical, enterprise-grade solutions since 2002 for more than a hundred Fortune 1,000 enterprises and all fifteen U.S. Federal Departments. DMI has grown to 2,500+ employees globally and has been continually recognized by top industry analysts as a market leader as well as a Top Place to Work by the Washington Post. www.DMInc.com