"The Times They Are a-Changin"
The sophistication of hackers is becoming increasingly worrying. The StellarParticle group, which launched the attack against SolarWinds, shows how advanced these attacks are becoming.
Microsoft stated, "The attackers behind Solorigate are skilled campaign operators who carefully planned and executed the attack, remaining elusive while maintaining persistence."
[Figure: Microsoft timeline showing the attack]
What does that mean for the rest of us and what can we learn from the attack?
Firstly, you need to continuously monitor your networks. Understanding what traffic is coming in and out, as well as moving across your network, is now essential for discovering indicators of compromise (IOCs). It's more than just collecting logs; the importance of understanding that data cannot be overstated. For instance, detecting when a new device connects to the network and starts sending data can be an IOC, and a change in traffic patterns could reveal a misconfigured firewall rule. Don't forget that moving services into the cloud does not transfer cyber risk to the cloud provider: monitoring cloud services is as important as monitoring on-premise systems and services.
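A minimal illustration of the baseline-and-alert idea above, added here as an example that is not part of the original post: it learns which devices normally send data and how much, then flags a never-seen device that starts sending and a known device whose egress jumps well above its baseline. The flow records, MAC addresses and IP addresses are constructed sample data.

```python
"""Baseline-and-alert detector over constructed netflow-style records."""
from collections import defaultdict

# Constructed sample flow records: (day, src_mac, dst_ip, bytes_out)
BASELINE_FLOWS = [
    ("2021-01-04", "aa:bb:cc:00:00:01", "203.0.113.10", 120_000),
    ("2021-01-04", "aa:bb:cc:00:00:02", "203.0.113.10", 80_000),
    ("2021-01-05", "aa:bb:cc:00:00:01", "203.0.113.10", 110_000),
    ("2021-01-05", "aa:bb:cc:00:00:02", "203.0.113.10", 95_000),
]
TODAY_FLOWS = [
    ("2021-01-06", "aa:bb:cc:00:00:01", "203.0.113.10", 115_000),
    ("2021-01-06", "aa:bb:cc:00:00:02", "198.51.100.7", 900_000),  # ~10x egress spike
    ("2021-01-06", "aa:bb:cc:00:00:99", "198.51.100.7", 4_000),    # never-seen device
]


def build_baseline(flows):
    """Map each known device (by MAC) to its mean daily egress bytes over the baseline window."""
    per_day = defaultdict(lambda: defaultdict(int))
    for day, mac, _dst, nbytes in flows:
        per_day[mac][day] += nbytes
    return {mac: sum(days.values()) / len(days) for mac, days in per_day.items()}


def detect(flows, baseline, spike_factor=3.0):
    """Return sorted (reason, mac) alerts for unknown senders and egress spikes."""
    egress = defaultdict(int)
    for _day, mac, _dst, nbytes in flows:
        egress[mac] += nbytes
    alerts = []
    for mac, total in egress.items():
        if mac not in baseline:
            # A device we have never seen is sending data: possible IOC.
            alerts.append(("new-device-sending", mac))
        elif total > spike_factor * baseline[mac]:
            # A known device is sending far more than its baseline: investigate.
            alerts.append(("egress-spike", mac))
    return sorted(alerts)


if __name__ == "__main__":
    for reason, mac in detect(TODAY_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(f"ALERT {reason}: {mac}")
```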
Batten down the hatches to reduce your attack surface; a great way to start is to learn more about zero trust architecture.
Next, think about how your users authenticate. If you are still using legacy passwords with the (un)trusty old rule of a minimum of 8 letters plus special characters, then it's time for a sanity check; the NCSC's #thinkrandom campaign is a great place to start for making passwords more secure. Multi-factor authentication should be enabled wherever possible, and web services that don't offer it should be avoided.
Don't underestimate the effectiveness of the human firewall. Training users to spot suspicious activity, regardless of the size of the business, is worth the investment. Regularly conduct phishing exercises, backed up with learning activities for those that fall foul.
Don't treat cyber as an IT issue; it's a business risk, and therefore the whole business has a responsibility for it. That said, a supportive and educated Board will make or break the effectiveness of a cyber-risk policy.
Finally, step back from the coalface and look at cyber as a business enabler: communicating to partners and customers that you take cybersecurity seriously and have effective controls that are regularly tested can differentiate you in the market.