ON THE TOPIC OF CYBERSECURITY
What are You Doing to Secure Your Data? You may be aware of a major and widely publicized cybersecurity breach involving SolarWinds software, which is used by over 300,000 customers, including U.S. government agencies and most of the U.S. Fortune 500 companies. Threat actors, believed to be from Russia, inserted malicious code into SolarWinds software to gain access to confidential information of SolarWinds’ customers. Because the SolarWinds’ technology (legitimate SolarWinds software) was leveraged to compromise its clients’ infrastructure, the incident was labelled as a “supply chain attack.” Successful attacks tied to SolarWinds came to light as a sophisticated combination of leveraging the compromised SolarWinds components and stealthy movements in the victims’ network environment in order to access and extract confidential information. While known indicators related to compromise have been released, there was no “quick fix” to fully identify and recover from these attacks because the threat actors basically had an “open door” deep in the victim’s networks—potentially dating as far back as March 2020. The follow-up activities would be specific for each impacted organization.
SolarWinds Breach While we do not yet know the full impact of the attack, banking institutions need to think through cybersecurity risk management. It is important to emphasize that most financial institutions need to implement pragmatic security measures based on their threat model. Different threat actors have different motivations, techniques, and capabilities. Your IT service provider should design its assessment and planning process around a capability based maturity model which helps you determine the correct control levels needed for your organizations threat model. By assessing your cyber risk and prioritizing remediation activities based on real world threats, your provider can help your organization building a strong, resilient, and cost-effective information security program.
While we do not yet know the full impact of the attack, banking institutions need to think through cybersecurity risk management. It could be tempting to dismiss doing anything about cybersecurity: after all, the U.S. Treasury, the Departments of Homeland Security, State, Defense, and Commerce, and big security companies like Microsoft and FireEye were compromised—so what could your financial institution do to prevent the risk of cyber-attacks if these giants were unable to do so? First and foremost, if your organization, or the managed IT service provider who is supporting your organization, is using SolarWinds, you may need to perform a comprehensive security risk in order to fully understand the potential exposure. The backdoor was activated for a few organizations but if the compromised SolarWinds components were installed, it will be necessary to look through logs for indicators of compromise activity released. Supply chain security is not something most organizations have the resource to implement—which is why it is important to focus on detective controls and look for anomalous behavior. It is never too late to start becoming more proactive with your cybersecurity posture and this is an opportunity to get your organization in gear to begin defending against more advanced threats.
Dean Dorton Cybersecurity offers a comprehensive portfolio of services designed to meet all your organization’s information security needs, from understanding your information security posture, building and maintaining an effective information security program, to responding to incidents. To learn more about Dean Dorton Cybersecurity, visit deandorton.com/cybersecurity.
