How To Address Security Issues After a Cyberattack?
A recent large-scale cyberattack on SolarWinds has raised awareness of the importance of security, and many companies across the world have been forced to re-evaluate their approach to cybersecurity in general.
After security breaches like the SunBurst and Supernova cases, companies start to wonder what could be done to prevent such events from happening in the first place. Let's have a look at how SolarWinds approached the issue and increased IT security with a couple of key steps.
The target of the attack - The Orion Platform
The Orion Platform is network management system (NMS) software that supports its clients by monitoring their complete network operations. It can retrieve and analyze data about network traffic and all the associated systems running on the network. The Orion Network Management System is mostly used in large enterprise networks. With a vast number of connected devices in a network, centralized monitoring is needed to detect, locate, and repair any disruptions instantly for flawless operation.
The breach specifically targeted the Orion Platform, which enabled hackers to impair over 18,000 clients. Instead of having to hack single devices or networks, they delivered malware through a software update to the Orion Platform, which gave them access to the data and devices of a large number of clients at once.
Because of this, and because of the sophisticated nature of the malware, the actual number of clients and devices compromised through this security breach is still only an estimate. As many major companies and governmental organizations are clients of SolarWinds, some of them might still be compromised, and the true impact of this breach might never be revealed.
An industry-standard best practice in IT security
After the discovery of the security breach, SolarWinds immediately started working on solutions and identifying key steps to keep its clients safe.
One of the most important steps was the announcement of a new digital code signing certificate for the affected Orion Platform and other SolarWinds products. Because the certificate was shared with other products, an effect on those products could not be ruled out.
Because of this, the most responsible and professional decision one can make in terms of IT security is to revoke the current certificate, even if not all software products signed by the digital code signing certificate are affected by the breach. This procedure is a best practice in the software industry.
Once new certificates have been created and all affected software versions have been renewed and released, clients can update or reinstall these products to ensure that the day-to-day operations of their networks can be reinstated without the possibility of hackers compromising them.
Additionally, SolarWinds' current CEO, Sudhakar Ramakrishna, has expressed his intention to prioritize the long-term security of the company's products by focusing on:
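A client-side check for the update step above, as an added example that is not from the original article or from SolarWinds: a PowerShell script that lists binaries under an installation directory that are unsigned, fail signature validation, or are still signed by the revoked certificate. The `-Path` and `-RevokedThumbprint` parameters are assumptions of this example; the thumbprint has to come from the vendor's advisory, since the article does not give it.

```powershell
# Added example: inventory Authenticode signers under an install directory and
# flag files that still carry the revoked code signing certificate.
param(
    # Assumption: root of the product installation to scan.
    [Parameter(Mandatory)] [string] $Path,
    # Assumption: SHA-1 thumbprint of the revoked certificate (from the vendor advisory).
    [Parameter(Mandatory)] [string] $RevokedThumbprint
)

# Normalise the thumbprint: strip spaces/colons, upper-case, and sanity-check length.
$revoked = ($RevokedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($revoked.Length -ne 40) {
    throw 'Expected a 40-hex-character SHA-1 certificate thumbprint.'
}

$extensions = '.exe', '.dll', '.msi', '.sys'

Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in $extensions } |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $signer = $sig.SignerCertificate

        # Matching on the thumbprint does not depend on the host's revocation
        # checking, so it also catches files whose signature still validates.
        $finding =
            if (-not $signer)                           { 'Unsigned' }
            elseif ($signer.Thumbprint -eq $revoked)    { 'SignedByRevokedCert' }
            elseif ($sig.Status -ne 'Valid')            { 'SignatureNotValid' }
            else                                        { 'OK' }

        [pscustomobject]@{
            Finding    = $finding
            File       = $_.FullName
            Status     = $sig.Status
            Signer     = if ($signer) { $signer.Subject }    else { $null }
            Thumbprint = if ($signer) { $signer.Thumbprint } else { $null }
        }
    } |
    Where-Object Finding -ne 'OK' |
    Sort-Object Finding, File
```

An empty result after updating or reinstalling means every scanned binary carries a valid signature from a certificate other than the revoked one.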
- Increasing internal security processes;
- Facilitating the product development environment;
- Implementing additional tools to evaluate and ensure product security.
While no single decision or procedure can produce 100% immunity against cyberattacks, implementing additional levels of security can significantly improve the chances of avoiding similar breaches, or at least decrease the harm caused to clients.