Cyber Case Study | SolarWinds Supply Chain Cyberattack
February 15, 2022

The Cyberattack On SolarWinds Digital Infrastructure

In the final month of 2020, it was revealed that foreign hackers had orchestrated a supply chain cyberattack throughout the past year in an effort to compromise several federal agencies and private organizations. The cybercriminals first infiltrated the digital infrastructure of SolarWinds—a Texas-based technology company—before using that infrastructure to gain access to sensitive data from a range of government departments and organizations via malware-ridden software updates. The incident ultimately exploit- ed numerous SolarWinds customers and led to millions of dollars in total losses.

The attack has been dubbed as one of the largest and most sophisticated cyber incidents in U.S. history, motivating many organizations to take a closer look at security risks stemming from their supply chains and software providers. In hindsight, there are various cybersecurity lessons that organizations can learn by reviewing the details of the SolarWinds incident.

Read on for everything your organization needs to know.

Reputational Damages

Considering SolarWinds maintained a trusted and respected reputation prior to the attack, the technology company received significant criticism from customers and the public for its cybersecurity shortcomings after the incident occurred. In particular, SolarWinds was scrutinized for failing to detect the cybercriminals’ initial activity within its network and remaining unaware that Orion had been injected with malware until FireEye’s eventual discovery months later.

Further, while the method hackers used to infiltrate SolarWinds’ network is unknown, it was soon discovered that a handful of the company’s employees possessed weak passwords leading up to the incident (one employee’s password was “solarwinds123”)— paving the way for additional security criticism. Amid this scrutiny, SolarWinds’ stock price fell by 40% the week following the incident.

Legal Ramifications

In January of 2021—one month after the details of the incident became public—disgruntled shareholders filed a class-action lawsuit against SolarWinds for its cyber-security failures during the attack. Several months later, the SEC announced plans to investigate whether SolarWinds’ affected customers accurately estimated the impact of the incident within their financial records. As time goes on and additional damages come to light, it’s certainly possible that both SolarWinds and its customers could encounter more lawsuits and regulatory fines related to the incident.

Lessons Learned

There are several cybersecurity takeaways from the SolarWinds attack. Specifically, the incident emphasized these critical lessons:

Supply chain exposures shouldn’t be ignored. Above all, this attack showcased how critical it is for organizations to evaluate and address security concerns within their supply chains, including IT and software providers. Even if an organization follows proper cyber policies and procedures internally, a compromised supplier could still end up threatening its security and digital assets. Supply chain exposures can stem from various avenues— including vendors with access to organizational networks, third parties with inadequate data storage measures, and suppliers with poor overall cybersecurity practices.

While it’s not possible to totally eliminate supply chain risks, there are several steps organizations can take to help reduce these exposures and prevent costly attacks, such as:

• Incorporating cyber risk management into vendor contracts—This can include requiring vendors to obtain cyber insurance, having them issue timely notifications regarding cyber incidents, and establishing clear expectations regarding the destruction of data following the termination of contracts.
• Minimizing access that third parties have to organizational data—Once a vendor or supplier has been selected, it’s crucial to work with them to address any existing vulnerabilities and cybersecurity gaps. Moving forward, suppliers’ access to sensitive data should be restricted on an as-needed basis.
• Monitoring suppliers’ compliance with supply chain risk management procedures—This may entail adopting a “one strike and you’re out” policy with suppliers that experience cyber incidents or fail to meet applicable compliance guidelines.

Third Parties Must Prioritize Cybersecurity

As organizations begin to more closely evaluate their supply chain exposures, it’s increasingly vital for third-party vendors themselves to adopt effective cybersecurity measures. In particular, suppliers need to recognize that cybercriminals may target them in order to compromise their larger clients and take steps to prevent such incidents from occurring. After all, failing to do so could not only result in cybersecurity vulnerabilities but also contribute to reduced client trust and lost business. By upholding proper digital practices, third-party vendors can show their clients that they take security seriously, boost their overall reliability, and— in some cases—secure additional contracts.

Access controls can offer a strong defense. Although it’s unknown whether SolarWinds’ access control protocols or password blunders contributed to the incident, IT experts attest that bolstering these cybersecurity elements can play a major role in defending against hackers and subsequent attacks.

Valuable access control and password tactics include the following:

• Instructing employees to develop complicated and unique passwords for their accounts in addition to changing these passwords on a routine schedule.
• Implementing multifactor authentication measures that require employees to verify their identities in several ways (e.g., entering a password and answering a security question)
• Limiting employees’ digital access solely to the technology, networks, and data they need to perform their job responsibilities.
• Segmenting different workplace networks to prevent all networks from being compromised if a single employee’s credentials are exploited.

Effective Security And Threat Detection Software Is Critical

This incident emphasizes the importance of having appropriate security and threat detection software in place. This software can be used to better identify suspicious digital activity and reduce dwell time—which refers to how long it takes to detect cybercriminals’ presence after their initial network infiltration. Although this software may seem like an expensive investment, it’s well worth it to help continuously monitor security threats, catch perpetrators before it’s too late, and minimize the impacts of potentially devastating cyber incidents.

Necessary software to consider includes network monitoring systems, antivirus programs, endpoint detection products, and patch management tools. Also, it’s valuable to conduct routine penetration testing to determine whether this software possesses any security gaps or ongoing vulnerabilities. If such testing reveals any problems, these issues should be addressed immediately.

Midwest Insurance Group understands your organization and can help you with cyber security and threat detection software to meet your needs. Call us today at 262-646-5777 to learn more about the appropriate protection for your company against potential cyber attacks.

How May We Help You?