Surviving the 2020’s Cybersecurity Landscape

The Internet has become a critical, fundamental element of business, government, and society. However, it is not safe. There are now two kinds of organizations connected to the Internet, those who have been breached or those soon will be breached. The costs of a successful cyber attack to an organization are significant. The most significant costs include information loss, business disruption, and revenue loss. A breached organization also incurs social impacts to trust, reputation, and brand.

The complexity and depth of cyber attacks have expanded. The scale, skills, and resources of the attackers has grown. With the growth of public cloud and SaaS services, the cyber threat surface now extends well beyond the organization’s own network. They can no longer afford the arms race that is perimeter security as the primary frontline solution.

The proof-point of the vulnerability of predominantly perimeter security solutions was recently demonstrated by an enormous Advanced Persistent Thread (APT) attack that was carried out throughout most of 2020, the SolarWinds Hack.

In March 2020, SolarWinds Inc. was the victim of a cyber intrusion
that inserted a vulnerability (known as SUNBURST) in the Orion Platform software. As illustrated, the source code for the software was not compromised but the software product was compromised, and it went undetected. This compromise continued in a subsequent release. In both cases it was distributed as an update to the current release, with the unsuspecting victims installing the compromised software as part of their normal maintenance on the Orion Platform.

The SolarWinds Hack sat idle on the affected servers for a randomized length of time. Then, when it self-activated, its presence and behaviors were masked as legitimate elements of the Orion Platform and its protocols. Once awake it took in its surroundings and it opened a backdoor web service within the network under assault. This web service allowed bad actors knowledgeable about the attack to gain internal access to the compromised platform at the most intrinsic levels including, file system, operating system, and active processes. The results left the compromised system wide open to the bad actors and laid the groundwork for lateral moves within the affected network, potentially compromising the entire area. This vulnerability went undiscovered until mid-December 2020.

The implications and full impacts of the SolarWinds hack are still being calculated. However, with well over 18,000 customers directly affected and more still affected in subsequent ripple affects as their systems and workloads were compromised, the costs will be significant. The hidden nature of the infiltration and its long duration are problematic for those affected. The degree of exposure and the amount of data which has been compromised as a result of the attack will take a long time to catalog. In the interim, the affected customers must approach the data loss from a worst- case perspective.

In addition to the monetary impacts SolarWinds will encounter social impacts as well. Outbound, their products are intended to run in the most trusted segments of their client’s networks, that trust has been broken. Likewise, the ripple effect from the compromise and the impacts on their customers will directly impact customer satisfaction. Inwardly, the SolarWinds CEO was replaced at the beginning of December 2020.

What is clear is the SolarWinds Hack is a real-world demonstration that perimeter protection alone is no longer a sufficient safeguard in the cyber threat landscape. So, what is your organization doing to protect their most trusted assets, their hard-won data? The answer should include a data-centric data security solution.