Luminous Tec

How CrowdStrike Changed the Face of Incident Response

In the world of cybersecurity, professionals understand the importance of Incident Response and its key phases:

  • Preparation for the scenarios the organization can reasonably expect
  • Detecting the incident, then identifying and isolating the bad actors or affected systems
  • Eradicating them from the environment
  • Recovering operations under a tested disaster recovery plan

Once the business is functioning normally again, the final phase of the process is lessons learned.

The Importance of Incident Response

In the wake of the July 2024 CrowdStrike outage, these cybersecurity professionals are neck deep in the disaster recovery phase: airlines are still canceling flights, hospital systems are still trying to get back to normal operations, and countless other industries are still sifting through the wreckage. Within cybersecurity there is such a focus on protecting against bad actors that almost no one was prepared for a defective software update, with no attacker involved, to bring down systems the world over. They should have been.


The SolarWinds Hack: A Lesson in Software Vulnerability

In early 2020, attackers planted a backdoor in the build of SolarWinds Orion, a widely used platform for network and infrastructure monitoring across an organization. Up to 18,000 public and private organizations downloaded the trojanized update, and from that pool the attackers hand-picked a much smaller set of targets for follow-on intrusion. The compromise was not discovered until December 2020.

On the face of it, the SolarWinds hack looks entirely different from the CrowdStrike mishap. For one, bad actors were involved: they first gained access to the SolarWinds network in September 2019, tested code injection techniques, finalized and deployed malicious code called Sunburst, and then let it do its work.

Yet there is something intimately familiar to the CrowdStrike mishap. SolarWinds distributed Orion updates to all of its installations across the globe through the product's own update mechanism. This mechanism, like many remote updating systems, is permitted to install software automatically and bypass the usual security gates, in part because SolarWinds is a trusted and well-known vendor. The attackers did not need to forge anything: by injecting their code into Orion's build process, they obtained a trojanized DLL that carried a valid SolarWinds digital signature, and it was delivered to customers as a routine update.

In the CrowdStrike case there were no bad actors, just what appeared to be a flawed testing and validation process, but the result was the same. A remote update channel that customers trusted pushed and installed a defective Falcon sensor content file, and Windows hosts that loaded it crashed on boot and stayed down until the file was removed by hand.

Lessons from SolarWinds and CrowdStrike

Cybersecurity professionals the world over were well informed after the dust settled on the SolarWinds hack. They knew a breach could arrive through the update systems inside their own networks, and one would imagine they would have had a disaster recovery plan in place for exactly that scenario. Sadly, that does not appear to be the case. Many industries are still picking up the pieces from the CrowdStrike debacle, and it is a good bet that most cybersecurity professionals will be so busy with that effort that they will skip the last phase of Incident Response: lessons learned.

As we take a step back, it is easy to point the finger at CrowdStrike and its quality control processes as the culprit in this global upheaval, but let's not forget our own inability to respond to the event responsibly. Many companies relied too heavily on CrowdStrike and failed to diversify their security postures. Moreover, there did not seem to be a plan B for a security agent taking its own host down through a defect rather than an attack. In this sense, the disaster recovery failures lie with the individual companies' IT teams.
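The plan B both incidents argue for is to stop treating a vendor push as unconditional and gate it instead: apply it to a small canary ring first, run a post-update health check, and halt the rollout automatically before the next ring if the canaries fail. The sketch below is an added example, not code from this page, from CrowdStrike or from SolarWinds; the fleet, ring sizes, host names and the 5% threshold are assumptions. The caveat it encodes is that the gate has to be behavioral rather than cryptographic: a signature check on its own would have stopped neither incident, since Sunburst carried a valid SolarWinds signature and the CrowdStrike file was genuine.

```python
"""Staged (ring-based) rollout with a canary health gate.

Added example, not code from the page, CrowdStrike or SolarWinds.
Ring membership, host names and MAX_FAILURE_RATE are assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Hypothetical fleet: ring 0 is a handful of canaries, later rings grow.
RINGS: List[List[str]] = [
    ["canary-01", "canary-02", "canary-03"],
    [f"ops-{i:02d}" for i in range(1, 21)],
    [f"prod-{i:03d}" for i in range(1, 201)],
]

# Halt if more than 5% of a ring fails its post-update health check (assumed threshold).
MAX_FAILURE_RATE = 0.05


@dataclass
class RolloutResult:
    applied: List[str] = field(default_factory=list)  # hosts that received the update
    halted_at_ring: Optional[int] = None               # ring index where the gate tripped
    failure_rate: float = 0.0                          # failure rate of the last ring evaluated


def staged_rollout(
    rings: List[List[str]],
    apply_update: Callable[[str], None],
    health_check: Callable[[str], bool],
    max_failure_rate: float = MAX_FAILURE_RATE,
) -> RolloutResult:
    """Push the update ring by ring.

    After each ring, measure the share of hosts that fail health_check; if it
    exceeds max_failure_rate, stop and never touch the remaining rings. The
    gate is behavioral (did the host come back healthy?), not a signature
    check, because a validly signed but broken update must still be caught.
    """
    result = RolloutResult()
    for idx, ring in enumerate(rings):
        failures = 0
        for host in ring:
            apply_update(host)
            result.applied.append(host)
            if not health_check(host):
                failures += 1
        result.failure_rate = failures / len(ring)
        if result.failure_rate > max_failure_rate:
            result.halted_at_ring = idx
            return result
    return result


def simulate(crashes_host: Callable[[str], bool]) -> RolloutResult:
    """Run the rollout against a constructed fleet.

    crashes_host(host) decides whether the update bricks that host; this
    stands in for a real content file that only blows up on some builds.
    """
    crashed = set()

    def apply_update(host: str) -> None:
        if crashes_host(host):
            crashed.add(host)

    def health_check(host: str) -> bool:
        # Stand-in for a real check: sensor heartbeat, successful reboot, etc.
        return host not in crashed

    return staged_rollout(RINGS, apply_update, health_check)


if __name__ == "__main__":
    # Constructed scenarios: a good update, a universally bad one, and one
    # that only crashes the hosts in the second ring.
    for label, pred in [
        ("good update", lambda h: False),
        ("bad update, all hosts", lambda h: True),
        ("bad update, ops hosts only", lambda h: h.startswith("ops-")),
    ]:
        r = simulate(pred)
        print(f"{label}: applied={len(r.applied)} halted_at_ring={r.halted_at_ring} "
              f"last_ring_failure_rate={r.failure_rate:.2f}")
```

With a universally bad update the gate trips on the three canaries and the other 220 hosts never receive the file; with a defect that only affects the second ring, the canaries pass and the rollout still stops after 23 hosts instead of 223. The health check is the part that deserves the most engineering effort in a real deployment, since a check that cannot tell a crashed host from a slow one will either halt good rollouts or wave through bad ones.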

The Global Impact of These Cybersecurity Flaws

Overall, it is clear that there are serious flaws in computer infrastructures across the globe, and I am certain this has piqued the interest of global bad actors. We need to look at the lessons learned here and work toward shoring up those weaknesses, because next time it will not be a simple QA mistake, and the consequences may be worse than a cancelled flight.

Contact us today to discuss your software development project. We can help build secure, custom software solutions for your business.
