SolarWinds Attack Has Growing, Worsening Impact on Cybersecurity Pros
This perception of increasing severity is atypical of most breaches.
Channel Futures: What were the most surprising findings in this survey?
(ISC)2’s Clar Rosso: The survey sought to assess the severity of the SolarWinds incident based on the opinions of the cybersecurity professionals who most often have to deal with the ramifications of such breaches on their own organizations. The most surprising, and concerning, finding was that the percentage of respondents who indicated that this breach was “extremely severe” actually increased over time as more details emerged.
Channel Futures: Has SolarWinds led to better practices by cybersecurity pros, and therefore better cybersecurity at their organizations? If so, how?
(ISC)2’s Clar Rosso: Anytime there is a major breach, even if your organization is not impacted, it provides the opportunity to reflect on your practices. What we have seen so far is active engagement within the cybersecurity community on best practices and information sharing. In fact, respondents to our survey provided several recommendations to fortify cyber defenses.
Channel Futures: What are these cybersecurity pros afraid of? Have they personally been impacted?
(ISC)2’s Clar Rosso: Not all of the respondents’ organizations were impacted and we didn’t ask individuals to self-identify if they had been. The concern many respondents expressed about this particular attack was the nature of the threat within the technology supply chain, and the far-reaching implications as a result. SolarWinds reported to the Securities and Exchange Commission that up to 18,000 customers installed updates to its Orion software, which had been compromised with malicious code.
Channel Futures: Do they see SolarWinds as more damaging than other big-name cyberattacks in recent months? If so, why?
(ISC)2’s Clar Rosso: Respondents viewed this breach as a very serious one based on the type of pervasive position that SolarWinds software holds within their organizations’ security stacks. This type of vulnerability within the technology supply chain makes the ramifications widespread across many systems, and given the complexity of most supply chains, harder to immediately detect.
This especially nefarious type of hostile action targets various entities through a supplier of technology and security services. Those are the very companies customers expect to protect them from cyber threats.
One respondent said, “The way the attack was used to pivot to expose potentially thousands of SolarWinds customers demonstrates an often overlooked threat vector.”
Another respondent said, “Attacks on our software update/patching supply chain are high up on the list of things that keep us up at night. An attack on the software that controls our entire network and systems is even more frightening.”
Cybersecurity pros have stepped up activities such as forensic analyses, re-architecting of systems, and making sure all patches are up to date, (ISC)2 said. Many respondents reported getting questions from their executive teams about their own security protocols. That’s prompted time-consuming due diligence and reporting activities.
A first step by many cybersecurity teams was investigating whether their companies or customers were attacked.
“We had to shut down SolarWinds and switch to PRTG,” said one respondent. Another said, “We have gone through patching cycles to eliminate the vulnerability.”
Few cyber breaches have caused more anxiety among cybersecurity experts than the 2020 SolarWinds attack. In fact, concern has built up throughout the cybersecurity community as new details come to light.
(ISC)2 surveyed more than 300 cybersecurity professionals to find out how they felt when the hack was first reported and after several weeks when more information became available. They also relayed how the breach has impacted their jobs. Furthermore, they recommended changes to organizational security practices and provided lessons learned.
Eighty-six percent said they would have rated the SolarWinds attack “very” or “extremely severe” when they first learned about it. However, that changed roughly six weeks after the incident was reported as more details emerged. The number of respondents who indicated that the breach was “extremely severe” increased from 51% to 55%.
On a scale from one to five, the perception of the severity of the breach also increased over time, from an average of 4.34 initially up to 4.37.
This perception of increasing severity is atypical of most breaches. Headlines tend to fuel speculation in the immediate aftermath of a public disclosure. That’s then tempered by remediation of the threat. In other words, severity spikes in the short term and decreases as more information becomes available.
To find out more, we spoke with Clar Rosso, (ISC)2’s CEO, about the hack’s ongoing impact on cybersecurity industry experts.