
SolarWinds manages various parties involved in addressing and recovering from the situation, with the goal of stabilizing company operations

Cohesive Strategy Required for Recovery and Repair amidst Reputational Risks across Various Sectors, with Understanding of the Federal Government's Response being Beneficial.

In a series of unprecedented cyber attacks, the SolarWinds compromise has left at least 100 companies and nine federal agencies in its wake. The legacy network management provider, SolarWinds, has found itself at the centre of calls for an overhaul of outdated build processes.

The SolarWinds hack, considered one of the most impressive cyber espionage campaigns seen, has highlighted the need for improved cross-sector information sharing. With insufficient investments and proficiency in recovery and restoration, businesses and governments alike are scrambling to strengthen their defences.

SolarWinds itself is taking a proactive approach, recommending a tiered model of access, triaging employee access rights, and treating those with mission-critical access as "special." The company is also cooperating with federal law enforcement, private industry investigators, customers, insurers, and other stakeholders in its response and recovery.

The White House estimates the SolarWinds Orion compromise disrupted upwards of 16,000 computer systems worldwide. However, many cyber incidents go unreported, making continuous information sharing improvements a challenge.

The attack on FireEye, another prominent cybersecurity firm, was likely an act of hubris on the part of the perpetrators. They attempted to create another multifactor token for an existing employee, but FireEye was alerted to the intrusion. Despite being compromised, FireEye handled the incident well, as they were able to discover the entire campaign.

The SolarWinds hack has underscored the importance of security policies around the build cycle. Particular attention needs to be paid to developer freedoms, the machines they have access to, and software installation allowances.

Tech providers, in particular, can struggle with access management due to an underlying belief that frontline employees need control and modification freedoms for their environments. However, this belief can leave systems vulnerable to attacks.

Tom Reagan, leader of the U.S. cyber practice at Marsh, stated that after a cyber incident, companies often need specialized expertise and assistance. Marsh, as an insurance provider, has observed that organizations have high scores in prevention technology, risk identification, and detection, but lack maturity in recovery and restoration.

Alex Stamos, an independent consultant for SolarWinds, echoes this sentiment, stating that every Fortune 500 company is a software company. After a cyber incident, companies are tempted to keep things close to the chest, but the different hands involved in recovery have motives that differ from those of the business.

The U.S. has been involved in supply chain attacks before, such as the Juniper Systems case in 2015. As the dust settles on the SolarWinds hack, it is clear that the attacks on our digital infrastructure are becoming more sophisticated and widespread. It is time for businesses and governments to take a hard look at their cybersecurity practices and make necessary changes to protect themselves and their stakeholders.

The person who advised SolarWinds on their software rebuild is Matt Wolff, a partner at Coblentz Patch Duffy & Bass LLP. As we move forward, it is hoped that the lessons learned from the SolarWinds hack will lead to improvements in cybersecurity across all sectors.
