The Lessons Learned from the SolarWinds Cybersecurity Breach
What happened to SolarWinds? For many of us, SolarWinds was a big name in the IT space. A market leader, in fact. Known for providing SaaS solutions for IT infrastructure and network administration, their flagship product, Orion, was a reliable monitoring tool trusted by many worldwide, including organizations and governments, with a peak client base of 330,000. How quickly things have changed.
Today, organizations are avoiding SolarWinds like the plague; instead, they’re choosing alternatives like Juniper Networks, Datadog, Ivanti, and others. So, how did it come to this? The short answer:
SolarWinds suffered a major breach, and their reputation has been significantly damaged.
I recently caught up with an old colleague of mine. We worked together in IT at a healthcare company that deployed SolarWinds extensively. He’s now an IT leader at a tech and AI company and is currently seeking to implement a network monitoring solution. As we talked, he communicated that he wouldn’t consider SolarWinds now, given what happened and the negative press it received, nor would he even mention the name to his executive peers as it would likely be interpreted as a faux pas.
This is an important example of how quickly a company’s standing in the IT industry, or any industry, can change due to unexpected events arising from security challenges. The damaging effect on a reputation may last for years.
But what sets the SolarWinds case apart? Why such a significant fallout when other companies have faced cyber breaches, weathered the storm, and then bounced back?
1 – Trust in the IT space
SolarWinds had a solid standing in the IT community—everyone trusted them. Its software, deeply integrated into sensitive systems and serving as the backbone of many networks, held privileged access. SolarWinds claims that at the time of the hack, 33,000 companies used the Orion product, including public and private organizations at various government levels. The impact of the attack shattered this trust, and now IT Directors and CISOs don’t want to take the risk of running SolarWinds software in case another problem manifests.
2 – Scale of the attack
The aftermath is staggering: the attack is estimated to have infected more than 18,000 systems worldwide, causing irreparable damage worth billions of dollars. SolarWinds felt the brunt of it, with the fallout setting them back at least $18 million over the first three months. The future revenue losses are incalculable. This financial setback not only reflects the immediate costs but also signals the potential long-term repercussions and the arduous path to recovery.
3 – Perception of control deficiencies
SolarWinds’ response to the attack raised concerns about control deficiencies and whether security best practices were instituted. The Software Development Life Cycle (SDLC) was found lacking in the necessary rigor, raising questions about the effectiveness of code checks, reviews, approvals, and scans, as well as the implementation of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
Even with those checks supposedly in place, the fact that a malicious library file slipped through the cracks highlights a significant gap in the company’s security protocols. This raises eyebrows about the reliability of their software development processes.
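One control that closes the gap described above is build-artifact integrity verification: record a hash manifest of every file produced by a clean build, then check every release candidate against it so a modified or added library is flagged before it ships. The following is an added illustration, not SolarWinds’ code or process; the directory layout and file names (`lib/Core.dll`, `lib/Extra.dll`, `app.exe`) are constructed for the demo.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_release(root, expected):
    """Compare a release tree against the manifest of a clean build.
    Returns sorted lists of modified, unexpected and missing files;
    all three empty means the tree matches the build exactly."""
    actual = build_manifest(root)
    return {
        "modified": sorted(p for p in expected if p in actual and actual[p] != expected[p]),
        "unexpected": sorted(p for p in actual if p not in expected),
        "missing": sorted(p for p in expected if p not in actual),
    }


def demo():
    """Constructed scenario: clean build, then a tampered DLL and an extra DLL."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "lib"))
        with open(os.path.join(root, "lib", "Core.dll"), "wb") as f:
            f.write(b"clean core library")
        with open(os.path.join(root, "app.exe"), "wb") as f:
            f.write(b"clean application")
        expected = build_manifest(root)          # manifest from the trusted build
        with open(os.path.join(root, "lib", "Core.dll"), "ab") as f:
            f.write(b" + injected code")           # post-build modification
        with open(os.path.join(root, "lib", "Extra.dll"), "wb") as f:
            f.write(b"not produced by the pipeline")  # file added outside the build
        return verify_release(root, expected)
```

In practice the manifest is produced inside the build pipeline and signed, so that the release gate compares against a record the packaging step cannot silently rewrite.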
4 – Apparent lack of transparency
Transparency is critical in cybersecurity, and SolarWinds seemingly fell short. The Chief Information Security Officer made several false claims about the general security posture, and in October, the SEC charged SolarWinds and the CISO with fraud and internal control failures related to known cybersecurity risks and vulnerabilities. This hardly fills people with confidence.
The disregard for concerns raised by an engineer about potential vulnerabilities and undetected changes by attackers further erodes the perception of transparency. Ignoring these warning signals not only points to an apparent lack of openness but also raises questions about the company’s commitment to promptly addressing vulnerabilities.
5 – Preconception that SolarWinds will “get it right”
I hear statements like this all the time from executives in regard to big service providers:
“It’s Microsoft. They’re the best at this security thing. If they have a problem, we’re just screwed. We can’t do anything about it.” Swap “Microsoft” for any other major player, and the statement remains the same.
SolarWinds is no different. They were traditionally viewed as a major player with significant investments in security. The preconception that they would be innovators in cybersecurity contributed to their attractiveness in the market. The disappointment arising from their failure to meet these high expectations has led to a sense of wariness among customers. This loss of confidence has pushed customers towards other market players who have not had a major breach.
The major players are the most targeted for cyber attacks. Organizations should not simply trust the large providers, but rather develop additional controls and mitigations to protect themselves and be ready for anything.
Main Takeaways from the SolarWinds Breach
- Demonstrate a sincere commitment to security: Admitting your faults and demonstrating a genuine commitment to security is key to rebuilding trust in the aftermath of a cybersecurity breach. SolarWinds’ failure to do so highlights the importance of honesty and transparency in the recovery process.
- Confront risks and their consequences: The SolarWinds case underscores the severe consequences of neglecting IT security risks, a point we consistently emphasize to our clients. Sweeping IT security problems under the rug could be catastrophic, as it was in the SolarWinds case. Organizations must take a proactive approach to identify potential vulnerabilities, regularly assess their IT infrastructure, and stay informed about emerging threats.
- Thoughtful selection of your CISO and supporting team: The Chief Information Security Officer is the most important person in an organization’s cybersecurity posture. Organizations should prioritize candidates who not only possess technical expertise but also demonstrate honesty, commitment, and the ability to navigate the complexities of the ever-evolving cybersecurity landscape.
The bad faith, the lack of security investment, and the irreparable harm the SolarWinds incident has caused should serve as a powerful wake-up call for organizations. Against this backdrop, Secureside stands as a trustworthy partner in cybersecurity and technology services.
Secure Your Future with Secureside
Secureside was founded to achieve one primary objective: make organizations cyber secure. We offer top-tier security services to small and medium businesses at honest pricing. Our Virtual CISO (vCISO) and Security Team as a Service (STaaS) deliver complete security programs so that organizations can focus on what they do best.
Why choose us over others in the industry? We’re not just self-proclaimed experts but hands-on practitioners with a proven track record. Our approach is grounded in executive leadership and practical field experience, which has gained us the trust and respect of our peers and clients.
If you would like to learn more, visit our website or get in touch today.