As 2020 was beginning to wind down, security practitioners already had plenty to reflect on.
The year was an unprecedented one for the entire globe, and that unprecedented nature carried over directly to InfoSec. Teams had to do more with less as company resources became strained due to the COVID-19 pandemic. On top of this, organizations had to adjust to a remote workplace and an expanded reliance on technology.
Sure, the industry was booming, but this growth was largely due to an increase in the number and sophistication of security breaches. These breaches signaled the need for an enhanced organizational focus on security, oftentimes accompanied by an increase in spending. All of this was a lot to discuss for companies both small and large, and these discussions got louder on December 8, 2020.
On December 8th, FireEye suffered an attack. On the 11th, FireEye reported that, as a result of that attack, their SolarWinds Orion software had been corrupted and weaponized. This report started a chain reaction of further reports that included the majority of Fortune 500 companies and several departments of the US government.
While a lot is still unknown about the attack and the full extent of its damage, one thing’s for sure: cybersecurity is going to look a lot different on the other side of 2020. The SolarWinds attack shows that even the largest of companies can suffer a breach, and it’s never been more important to secure your assets and protect your company walls.
The SolarWinds/FireEye attack is not the first large supply chain attack and won’t be the last. For those unaware, a supply chain attack is one in which the attacker enters a victim’s network by targeting the least secure parts of that victim’s supply chain. This means that instead of directly targeting an organization’s assets, they target an individual, an asset, or a process that directly feeds into that organization’s security.
A supply chain attack is often the result of poor visibility into security posture: the organization is not tracking an attack vector, so attackers can exploit it and use it to deliver malware.
While we don’t want to speculate on what happened with the SolarWinds attack, the breach is a reminder of just how important it is to keep track of your assets, perform thorough security assessments, and constantly bolster your defenses to prevent breaches.
While we may be far away from truly seeing the fallout of the SolarWinds attack, the third-party nature of the attack serves as a great reminder to continue to work with vendors but to do so carefully. It’s important to assess the risk of partnership thoroughly BEFORE choosing and working closely with vendors.
It’s absolutely critical to have oversight that assesses all outside vendors and determines the risk of partnering with them. Additionally, organizations must have a strict process in place to vet each vendor. One example of this is ensuring that outside vendors follow compliance protocols like the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).
On top of strict vetting processes, organizations should also ensure that there are appropriate vendor controls implemented and a thorough internal response and mitigation plan in place in case of a breach.
While the SolarWinds attack will push some organizations to increase their security budgets, the truth is that the difference will be minimal. Resources will continue to be scarce and stretched thin, and security professionals will still be forced to maximize their output with a limited amount of time and resources.
The key to most effectively using your limited resources can be summed up with one word: efficiency. When you’re working efficiently to identify, resolve, and remediate vulnerabilities in a timely manner, your cybersecurity is set up for success. But while proposing the idea of efficiency is simple, implementing real procedures that result in true efficiency is another problem altogether.
True efficiency in your security program rests on three pillars: standardization, communication, and collaboration. If the work each of your employees does is standardized, you save time and cultivate a consistent program. If your team communicates openly on the work that’s done, in the process of being done, and still needs to be done, you’ll have a greater grasp on your security posture. And lastly, if your team collaborates to quickly identify and remediate vulnerabilities, you’ll minimize your chances of a severe breach.
The SolarWinds hack is proof that no matter how big you are, you aren’t safe from a breach. While there are many remedies to address each of the problems mentioned in this blog post — poor security posture, limited security assessments, and limited resources — PlexTrac can help with all three. While PlexTrac cannot protect you from suffering a breach, it can help your security team do more.
First off, PlexTrac’s Analytics module ensures you have complete visibility of your security posture and all of your controls, so you can protect your company’s crown jewels from bad actors. Additionally, PlexTrac levels security pros up, allowing better assessments to be conducted in half the time. The time you save with PlexTrac will allow you to focus on getting the real cybersecurity work done. Lastly, PlexTrac’s collaboration and purple teaming functionalities (Runbooks, for example) make sure your security team, no matter how small, is set up for success.