Security Podcast: SolarWinds - Bringing Down the Building

by in CyberRes

Everyone on track with their goals? This year has certainly kicked off with a bang in the United States. Guess it’s true what they say, no rest for the weary. Happy to say I’m still on track with my goals (juggling full-time work and grad school with real-life can be tricky), but so far, so good. I have had to tweak a few things along the way (like going to bed earlier so I can get up at 5 AM to work out and setting my smartwatch to remind me to drink water), but I am still going strong. It’s interesting how seemingly minor things can make such a big impact.

Security Podcast SolarWinds - Bringing Down the Building.pngJohn Pescatore, current Director of Emerging Technology at SANS, based in Washington, D.C., spoke with the Reimagining Cyber podcast team (Rob Aragao and Stan Wisseman) this week about the recent SolarWinds breach for this episode, "SolarWinds: "Bringing Down the Building... Software Supply-Chain Pressure Points." (In case you suffer from TL:DR, which stands for “too long; didn't read, I'll summarize the article about the breach for you: SolarWinds, was breached in May/June 2020. The attack targeted its Orion network management product, specifically. The breach wasn’t discovered until December 2020, when FireEye, a cybersecurity company, detected the attack.) Pescatore relates the Solar Winds attack to taking down a building.

“When I worked for the Secret Service, we did advanced protection and went to bomb school…We learned that if you set bombs off in the right area/sequence, the entire building goes down. It could be the same for IT.” He goes on to explain that the Solar Winds attack was strategic. With over 75% of the Fortune 1000 as customers, attacking a company like SolarWinds, in turn, takes out not only them, but impacts the thousands of customers that use their system. By only keeping a company’s “crown jewels” safe, they are left open to attackers and threats. Including often overlooked software tools and systems that could have a major impact on an employee or customer base.

To mitigate risks against attackers, Pescatore recommends continuous checks of software and hardware. He calls it “essential security hygiene,” those things that you have to do to protect your business against fraud. Without the basics, it’s challenging to even figure out how bad an attack is to begin with.

“It’s like if a hoarder fills up a house with newspapers from top to bottom, and you need that one copy of ‘The Washington Post’,” he notes. “You can’t find anything. But, if you’ve cleaned up, it makes it better.”

The impact of the Solar Winds attack is still being determined. It seems like each day, new stories about impacted organizations arise. To prevent another attack as devasting as SolarWinds, Pescatore recommends focusing on two things: testing and visibility. For organizations that have a digital supply chain, programs require vendors to demonstrate testing of their system against hackers and threats (not to be confused with proof of self-certification). Additionally, focus on visibility into important systems, as it is unlikely large organization’s will have enough staff to test every single piece of software. Prioritizing is key (something other podcasts have touted as well).

One way Pescatore and the SANS team are “leaning forward” is by launching a free, online gamified platform for students. CyberStart is rolling out to 33 U.S.-based cities in the coming weeks. Its online platform challenges students with real-life cybersecurity situations, allows them to build their computer science and cyber skills and qualify for college scholarships.

This week’s ReimaginingCyber podcast reminded me that small tweaks and focusing on things that have the most significant impact, can also help me reach my goals. What “small things” are you going to focus on this week?

 

More Information:

Reimagining Cyber is a podcast series hosted by Rob Aragao and Stan Wisseman, Security Strategists with CyberRes, a Micro Focus line of business. In each episode, they dive into the world of cybersecurity, exploring challenges, trends, and discuss different approaches for today’s CISOs and CIOs. Every two weeks, a new guest—from industry experts to CISOs—will share what matters most to them. Each episode is short and bite-sized, running only 15-20 minutes.

You can find the latest episode of Reimagining Cyber on Apple, Soundcloud, Stitcher, Google Play, and Spotify. Give it a listen and let me know what you think. Log in or register to comment below.

CyberRes is a Micro Focus line of business focused on helping companies protect, detect, and evolve their security framework and helping organizations become more cyber resilient. To learn more, visit CyberResilient.com.

 

Labels:

Security
Anonymous