Thinking Outside the Security Blog
This blog article is not intended to explain how the SolarWinds hack worked, nor how to recover from this specific incident. It is meant to help you think about two (2) issues that have not been discussed much.
The first is that this seemed to be a surprise for many people. It should not have been a surprise. This attack has been theorized for years. While other applications have been subverted by hackers, we finally had a compromise of a widely used security product. Great, it was theoretical, but what should we have done to mitigate the attack? Just as in sports, great teams are the ones with the ability to execute exceptionally on the basics.
The second issue is that there was a lot of blame thrown at SolarWinds (I am not saying they should not get some of the blame). People were saying things similar to “Wow, if a security company cannot stay secure, how can we?” As an industry, we need to stop throwing blame. We are all in this fight together. We will need to work with each other as a whole to tackle the beast that is HAX0R! Since we are on the topic of throwing rocks (blame), how many of you can say you have perfectly executed the ? I didn’t think so. You also cannot fall into the trap of feeling hopeless when another company gets hacked, even at this scale. They are a company that employs people (remember, aren’t they the weakest link, goodbye) and needs to make a profit. They will make trade-offs just like your company.
Stay tuned for future articles that can help you deal with this and many other issues!!