Most of us would say that 2020 was a banner year for Cyber security and in the closing month, it did not disappoint. The Solar Winds breach is still producing a list of victims and most experts believe that number will continue to grow as companies do forensic analyses of their logs to see if they were affected by the breach in the Orion appliance. Sadly, Solar Winds is not the only company to feel the heat and I will again use this event as an opportunity for all of us to learn and examine how we have implemented our security platforms. Supply Chain Security has always been a concern and when we grant access to our network to any external entity, we are accepting a risk when we do so. This is true for software or hardware. This article below details backdoor access in Zyxel firewalls and VPN gateways. Solar Winds is just one of the largest suppliers to be breached.
So how do we respond? Ask yourself the crucial questions about the companies you have provided access to. What is their security posture? Have I established SLA’s with that company in regards to security? Have i had a security assessment of my network, including the external accesses? What does my defense in depth look like? Am I too reliant on one vendor to defend my network? In some ways, the Solar Wind breach should at least create a conversation about multi-vendor security – many other security vendors are advertising how their product could have protected against the Solar Winds breach. Even litigators wonder if this will not change the way cybersecurity in the future (See Article).
On another front, Solar Winds will have to explain a number of decisions over the last few years. Reports have started to surface that they took a number of risky business decisions to cut costs and those decisions may have created an environment for the attacks to be successful. Even some former workers have come out about how they felt about these decisions. (See Article). This definitely raises a number of red flags when costs are more important than security. Where this will put Solar Winds in the future is up for much speculation but I do not believe clients will dump their security appliances without a good option in the wings. As we look forward into 2021, what will this year bring? No one could have seen the impact of COVID on the worldwide economy and yet we know that cybercriminals will always look to take advantage of a crisis to sow discord and make money. Cybersecurity is more important today than it was a year ago as we are the line trying to defend corporate and government networks from attacks from criminals and nation states. Let’s work together to build solid security products that work together towards the common security we all seek.