Five Cybersecurity Lessons Learned from the SolarWinds Breach

Cybersecurity Lessons Learned: SolarWinds

The recent cyberattack of SolarWinds, a Texas-based technology company, has brought to the light the dangers of an infiltration from supply chains and software providers. Discovered by one of SolarWinds’ clients, the cyberattack was traced back to a malware incident that allowed the hackers continued access to customer data.

Both SolarWinds and its impacted clients have incurred over $90 million in recovery expenses to date. Investigations traced the infiltration back to weak employee passwords. Following the incident’s announcement, SolarWinds’ stock prices immediately fell by 40%, several disgruntled shareholders filed a class-action lawsuit and the Securities and Exchange Commission announced plans to investigate.

Lessons Learned from the SolarWinds Breach

There are several cybersecurity takeaways from the SolarWinds incident, including these important lessons:

1. Supply Chain Exposures Shouldn’t Be Ignored

The SolarWinds attack showcases how critical it is for organizations to evaluate and address security concerns within their supply chains. While your business may follow proper cyber policies and procedures, a compromised supplier could leave you vulnerable. Supply chain exposures can stem from vendors with access to organizational networks, third parties with inadequate data storage measures and suppliers with poor overall cybersecurity practices.

While it is impossible to completely eliminate supply chain risks, there are several steps your organizations can take to help reduce these exposures and prevent costly attacks, including:

  • Incorporate cyber risk management into vendor contracts — You can require vendors to obtain cyber insurance, request timely cyber incident notifications and establish clear expectations regarding data destruction following the termination or nonrenewal of contracts.
  • Minimize third-party access to organizational data — Once a vendor or supplier has been selected, work with them to address any existing vulnerabilities and cybersecurity gaps. Suppliers’ access to sensitive data should be restricted to an as-needed basis.
  • Monitor suppliers’ compliance with supply chain risk management procedures — This may entail adopting a “one strike and you’re out” policy with suppliers that experience cyber incidents or fail to meet applicable compliance guidelines.

2. Third Parties Must Prioritize Cybersecurity

As organizations begin to more closely evaluate their supply chain exposures, it is increasingly vital for third-party vendors to adopt effective cybersecurity measures. Suppliers must recognize their exposure for compromising larger clients and take preventive steps to prevent targeting. Failing to implement these protections could result in cybersecurity vulnerabilities, reduced client trust and lost business. Upholding proper digital practices, third party vendors can prove the organization’s commitment to security to current and prospective clients.

3. Access Controls Can Offer a Strong Defense

Experts attest to the significant bolstering that cybersecurity elements could have played in defending SolarWinds and its clients from the cyberattacks.

Security experts recommend access control and password tactics, including:

  • Instructing employees to develop, and routinely change, complicated and unique account passwords.
  • Implementing multifactor authentication (MFA) measures that require employees to verify their identities in several ways (e.g., entering a password, answering a security question).
  • Limiting employees’ digital access solely to the technology, networks and data necessary to perform their job responsibilities.
  • Segmenting workplace networks to prevent an entire network from being compromised.

4. Effective Security & Threat Detection Software Is Critical

The SolarWinds incident emphasizes the importance of installing software that provides security and threat detection. Software can be used to better identify suspicious digital activity and reduce dwell time (the time taken to detect cybercriminals’ presence after their initial network infiltration). Although an expensive investment, the software is worthwhile as it continuously monitors security threats, identifies perpetrators early and minimizes the impacts of potential cyber incidents.

Suggested cybersecurity software to consider includes network monitoring systems, antivirus programs, endpoint detection products and patch management tools. Businesses should also conduct routine penetration testing to determine whether their cyber software has any security gaps or vulnerabilities. This allows problems to be addressed and corrected before discovered by a cybercriminal.

5. Proper Coverage Can Provide Much-Needed Protection

The SolarWinds incident highlights that all entities, regardless of industry or size, are susceptible to cyber-related exposures. It is critical for your organization to ensure adequate protection against potential cyber incidents by securing proper coverage. Make sure your organization works with a trusted insurance professional when navigating these coverage decisions.

We’re Here to Help with Cybersecurity

Over 18 billion data records have been exposed this year alone; can your organization risk being another statistic? While cyberattacks continue to plague organizations, we not only provide coverage, but our expert risk advisors can also recommend steps and guidance to lower your risk of a cyberattack. For more risk management guidance and insurance solutions, connect with a member of our team.

Cybersecurity Lessons Learned: SolarWinds recent cyberattack of SolarWinds, a Texas-based technology company, has brought to the light the dangers of an infiltration from supply chains and software providers.2021-10-20T16:00:00-05:00The recent cyberattack of SolarWinds, a Texas-based technology company, has brought to the light the dangers of an infiltration from supply chains and software providers. Risk MitigationProperty & Casualty InsuranceYes