Above Image Source: FireEye

5 Things CIOs / CISOs Must Do Now To Prevent Hacks Like SolarWinds

On December 13th, the Cybersecurity and Infrastructure Security Agency CISA issued an emergency directive related to a known compromise on SolarWinds Orion products. Current analysis shows that around 300.000 customers of these products were affected and around 18.000 were high profile accounts among the private and public sector. The threat actor managed to include a backdoor code into Orion’s legitimate code and delivered it through a software update. According to FireEye’s analysts, the backdoor managed to affect systems since March 2020

Above Image Source: FireEye

Immediate actions

  • If you use SolarWinds Orion, please follow recommendations from the vendor
  • Look for abnormal country-based traffic. The traffic is masqueraded through local country VPN addresses
  • Isolate affected machines and remediate immediately
  • Review and apply Cybersecurity and Infrastructure Security Agency recommended actions

5 ACTIONS TO AVOID ATTACKS SUCH AS SOLARWINDS

  1. Assess Supply Chain Risk: Assess the security risk and control across the supply chain upstream and downstream
  2. Robust Networks Are Key: Deploy Zero Trust-based Network architecture
  3. Enhance End Point Controls: Implement a proactive monitoring model leveraged by protection capabilities like EDR and UEBA
  4. Secure Digital Applications: Define and implement a strong DevSecOps strategy for Digital Applications.
  5. Tighter Risk Review and Governance: Deploy a governance model with metrics and indicators for decision making after detecting breaches, like ETEK Insights

This advice has been provided by global IT security provider ETEK. If you have Managed Security Services with ETEK, you are already protected, if not, contact them immediately at [email protected].

  • " >

Related Posts

Etek Introduces Managed Identity & Access Management Service
Ransomware Attacks Against Health Care Systems Spike With Coronavirus Cases
Master Agent Telarus Receives Expansion Investment From Columbia Capital

Leave a Reply

Cognitive Business News
%d bloggers like this: