Above Image Source: FireEye

5 Things CIOs / CISOs Must Do Now To Prevent Hacks Like SolarWinds

On December 13th, the Cybersecurity and Infrastructure Security Agency CISA issued an emergency directive related to a known compromise on SolarWinds Orion products. Current analysis shows that around 300.000 customers of these products were affected and around 18.000 were high profile accounts among the private and public sector. The threat actor managed to include a backdoor code into Orion’s legitimate code and delivered it through a software update. According to FireEye’s analysts, the backdoor managed to affect systems since March 2020

Above Image Source: FireEye

Immediate actions

  • If you use SolarWinds Orion, please follow recommendations from the vendor
  • Look for abnormal country-based traffic. The traffic is masqueraded through local country VPN addresses
  • Isolate affected machines and remediate immediately
  • Review and apply Cybersecurity and Infrastructure Security Agency recommended actions


  1. Assess Supply Chain Risk: Assess the security risk and control across the supply chain upstream and downstream
  2. Robust Networks Are Key: Deploy Zero Trust-based Network architecture
  3. Enhance End Point Controls: Implement a proactive monitoring model leveraged by protection capabilities like EDR and UEBA
  4. Secure Digital Applications: Define and implement a strong DevSecOps strategy for Digital Applications.
  5. Tighter Risk Review and Governance: Deploy a governance model with metrics and indicators for decision making after detecting breaches, like ETEK Insights

This advice has been provided by global IT security provider ETEK. If you have Managed Security Services with ETEK, you are already protected, if not, contact them immediately at [email protected].

Related Posts

Image by Mohamed Hassan from Pixabay
Baker McKenzie: Cybersecurity & Data Top Litigation & Risk Concerns For 2023
September 30 - October 6 2022 by Tracxn
AI, RPA, Cybersecurity Deals of the Week by Tracxn
Mexico to Join Cartagena As 2nd Host of 2023 ANDICOM ICT Event

Leave a Reply

Cognitive Business News