SolarWinds hack: CISOs need to revisit cyber resilience?

by | Dec 23, 2020 | IT Security

The SolarWinds hack has highlighted the threats caused by third-party vendors and challenges the cyber resilience position of enterprises.

What many organizations feared came true! The year 2020 brought another shock to the business community last week with the discovery of a new cyber-attack, the "SolarWinds hack", in the United States. The attack is an opportunity for enterprises and CISOs to reflect on their cyber resilience strategies. (See: Top enterprise cybersecurity trends of 2020)

For the uninitiated, California-based cybersecurity company FireEye uncovered the SolarWinds hack last week and estimated that the cyberattack campaign might have started as early as spring 2020 and remained undetected for months.

The cyberattack emerged as one of the largest ever targeted against the U.S. Government and several other global companies, threatening organizations’ cyber resilience levels. To date, dozens of emails from the U.S. Treasury Department have been confirmed as compromised.

The attack was launched by cybercriminals who hacked the infrastructure of an American I.T. software company, SolarWinds, and then used that illegitimate access to insert malicious code into the software updates that the company sends out to its 30,000-plus clients, which also include several departments of the U.S. Government. SolarWinds stated that the updates issued between March and June 2020 were contaminated.

Several industry onlookers have also slammed SolarWinds' lackluster approach to addressing its shortcomings. Examples include the Chief Information Security Officer (CISO) position on its board, which has long been vacant, and notifications issued to customers about deactivating antivirus tools before installing SolarWinds software.

Far-reaching effects

While the timeline of the SolarWinds hack is still unfolding, the breach is disturbing to the whole of the I.T. industry, as it can have a far-reaching effect on many big organizations' networks and calls their cyber resilience levels into question.

The SolarWinds breach shows that most organizations are appallingly unprepared to detect and prevent this kind of software supply chain attack. SolarWinds boasts that it has been working with 425 of the U.S. Fortune 500 companies and hundreds of universities and colleges globally. This means that the impact of the attack could prove severe in the coming days.

Top tech companies Intel, Microsoft, Cisco, and NVIDIA have all confirmed their exposure to the malicious software and are undertaking the necessary investigations to gauge the impact.

In a column published in the New York Times, Thomas P. Bossert, a former domestic security adviser to President Trump, notes that supply chain attacks of such magnitude require significant resources and sometimes years of execution.

Bossert also opined that a foreign state might have launched the SolarWinds hack in a well-orchestrated way. These evaluations, if proved correct, make the situation more hazardous. For instance, in war-like situations, confidential government data could be modified or erased by hackers instantly to cause financial loss or gain undue strategic advantage.

Stresses lack of preparation of organizations

As we move into 2021, the SolarWinds hack has once again underlined that nothing is completely secure in this ever-evolving threat landscape. Indeed, no vendor or solution can fully guarantee the protection of an enterprise's networks. Perfect information security is a myth, but the key is resilience. (See: How COVID-19 has changed cybersecurity focus for 2021)

The last few weeks must have been strenuous for CIOs and CISOs, who have had to spend long hours evaluating the impact of the SolarWinds cyber-attack on their networks, systems, and data. It's time for enterprises to seek answers to some key questions more vehemently:

  • Do you have a contingency plan to combat accidental breaches and unknown threats?
  • Do you depend upon a single security vendor (say, for VPN, network monitoring, and network slicing), or do you want to onboard different security vendors to safeguard your networks?
  • Can you change your defense approach to strengthen your cyber resilience levels?
  • Are you regularly testing your multiple endpoints and operating systems and keeping them secure?
  • Have you evaluated the risks of third-party software vendors and analyzed their ability to combat sophisticated threats?
  • Is your service-level agreement updated?

The SolarWinds hack could be a catalyst for technology leaders to rethink and analyze all their security solutions and potential points of network vulnerability in the context of modern-day technologies. Much may still be undisclosed, and more details about the damage from the breach are likely to continue to come out in the next few weeks.

 

 

 
