SolarWinds: Navigating a new era of business transformation

ITP.net caught up with SolarWinds Head Geek Sascha Giese to discuss the firm’s key learnings from the massive Orion cyber-attack and how it is innovating to help organisations navigate the new business reality.

In recent years, most organisations had digital transformation at the top of their agenda as they sought to embrace more modern, cloud-based infrastructures. When the pandemic hit, these plans didn’t necessarily change. Instead, they were kicked into high gear as businesses quickly realised that, in order to cope with the challenges, they needed to accelerate their digitalisation initiatives.

While infrastructure modernisation is a positive side-effect of the events of the previous year, the rapid, widespread cloud adoption is not without its downsides. In the midst of the shift to remote work and the sprint towards adopting fast and nimble cloud technologies, many organisations neglected to fast-track their security as well.

With remote or hybrid work models showing no signs of going away, organisations today are ramping up their investments and strategies to protect not only their distributed workforces but also the resources they use. More encouragingly, recent figures from research and analyst firm Gartner revealed that worldwide spending on information security and risk management technology and services is forecast to reach $150.4 billion this year, a sign that organisations are heeding the message that cybersecurity is a top priority for investments.

Settling into a new business reality

“The pandemic has accelerated technologies supporting remote work. While VPN tunnels and virtual meeting solutions weren’t exactly uncharted territories before, many organisations lack expertise with the large-scale deployment needed, which leads to operational problems and expanded attack surfaces.

“As much of the workforce will stay remote moving forward, any change to support teams during lockdown shouldn’t be viewed as a provisional workaround. It means there are more layers to secure, more moving parts, and it can be difficult to control all aspects,” explained Giese.

As organisations increasingly find a sense of normalcy and adapt to the new ways of doing business, it is vital that they become more mindful of the security measures they implement. “Business leaders can control access to their resources, and secure that access with technologies like multi-factor authentication. But they also need to think about: What about the Wi-Fi in my employees’ homes? Is it secured at all? Are any IoT devices connected, which usually haven’t been built with a focus on security? These additional complexities should be a part of every IT leader’s consideration set,” he said.

Industry trends indicate that cybersecurity will become more and more pertinent as organisations navigate new business realities. However, nearly 80% of senior IT and IT security leaders still believe their organisations lack sufficient protection against cyberattacks, despite the increased security investments they have made to deal with distributed IT and work-from-home challenges.

“It comes back to a lack of expertise, which doesn’t always mean a lack of knowledge; sometimes it’s just a fresh pair of eyes to spot an oversight. Cyber-attacks are becoming both more common and more sophisticated, and it’s necessary to stay on top of news and changes. Nation-state threat actors, in particular, are increasingly well-resourced and active, and their attacks are extremely difficult to defend against, regardless of how much an organisation invests.

“There’s also a high level of security market fragmentation, and it’s not trivial to find something suitable for specific requirements. In fact, organisations often look for ‘what’s best’ instead of ‘what fits us best’,” said Giese.

However, Giese noted that this is good news, as it means organisations are alert and looking for ways to improve their security posture. “The real problems start when IT leaders assume their organisations are sufficiently secured,” he added.

The human factor

Now more than ever, the human factor is playing a vital role in guaranteeing security within the organisation. A recent study by IBM revealed that human error is the main cause of 95% of cyber security breaches. Human error can manifest in a variety of ways, including failing to install software security updates in time, having weak passwords and a simple lack of awareness. Where cybersecurity is concerned, having an appropriate security mindset can be a crucial differentiator for organisations.

“Humans, or more specifically human failure, is the biggest risk in cybersecurity. Organisations must provide ongoing security training to raise awareness and help their staff understand risk in their daily tasks—and more so when teams are working from home. A mindset change is needed, and individual employees should see themselves as part of the larger security team.

“Training should be an ongoing process and require continuous testing, like sending an artificial phishing email to random employees to probe if processes actually work as designed,” said Giese.

Beyond the risks brought by human error, increased digitalisation by organisations today has also given rise to an onslaught of security breaches. Now more than ever, it is crucial for IT and business leaders to broaden their understanding of the threats and vulnerabilities that surround them.

“We advise business and IT leaders to focus on their supply chains, and discuss possible risks and response planning with their vendors. The first step for many organisations is to create an inventory, as they might not even know who provides their services or what kind of access external contractors have. Many IT leaders still think in the concept of perimeter security, which is outdated. Vendors, service providers, and contractors are already inside the fence,” explained Giese.

Giese further highlighted the need for organisations to implement a zero-trust model, which starts with the assumption that you’ve already been breached and need to mitigate the impact.

Lessons learned from the SolarWinds Orion cyber-attack

Towards the end of 2020, one of the biggest security incidents that made headlines was the SolarWinds Orion hack. The cyber-attack entailed the insertion of malicious code into a software update for Orion. The code created a backdoor for hackers to remotely access an organisation’s network and steal information. The supply chain attack affected 18,000 users of the Orion network monitoring platform, including government agencies and big tech companies.

Since then, SolarWinds has issued updates to address the vulnerabilities in the platform. It has also developed a programme to provide professional consulting services to assist customers who need guidance on or support in upgrading to the latest hotfix updates for Orion.

Speaking about the lessons that the company has learned following the incident, Giese said, “One main lesson learned is current software development industry best practices are no longer robust enough and require a change. Generally, best practices result from trial and error, and are built on experience. But because of the increasing frequency and sophistication of new cybersecurity risks, particularly with nation-state involvement, these existing practices are outdated. It begins with a zero-trust approach to cybersecurity generally, and industry norms, like the existing software development life cycle model, must evolve to become a truly secure development life cycle.”

He also noted that SolarWinds saw the breach as an opportunity not only to become more secure as a company, but also to help other software vendors to secure their own environments. “That’s the reason we’re communicating quite openly with the IT community, and other developers have already reached out to us. The attack was a wake-up call for the software industry as a whole,” he said.

Looking ahead, SolarWinds will continue to take proactive measures such as partnering with external, independent security experts to test and eliminate any weak spots in its solutions. The company is also providing regular updates, related news, and thought leadership to be more transparent to its customers. On top of this, the software firm is offering help at no additional cost to its active maintenance customers to review the security of their SolarWinds environment, through its Orion Assistance Program.

“While we shifted significant engineering resources in a mission to enhance the security of our products to an industry-leading position, we continue to work on further innovations. We’re also adding more requested features into our products to help organisations on their digital transformation journey. It can be quite challenging as the availability of infrastructure and services varies depending on the location, so our customers need all the help they can get, and we’re there to help them grow,” said Giese.