Organizations impacted by SolarWinds breach need long-term strategy - PRNewswire

ersamoyor.blogspot.com

What should organizations do after an attack of this magnitude?
In the short term, Hendricks said any organization that uses the SolarWinds product must immediately take steps to resolve the core vulnerability by taking the tool offline and implementing the vendor patch. Additionally, organizations must conduct forensic analysis to determine the level of infiltration, data exfiltration, affected devices and systems compromised.

Once these immediate steps have been taken, organizations must develop a long-term strategy necessary to prevent future occurrences. Considerations include, but are not limited to, ensuring the network is segmented in such a manner the restricts movement between systems; vetting their product and service vendors to ensure they meet or exceed cybersecurity controls and operational standards; implementing data loss prevention capabilities; reviewing and updating security policies and procedures; and ensuring incident response, continuity of operations, and disaster recovery plans are developed tested, and implemented.

"It is critical organizations utilize threat intelligence tools and processes to help identify supply chain compromises to identify potential threats and vulnerabilities, and plan for appropriate mitigation measures to prevent similar attacks," Hendricks said. In layman's terms, he explained, security departments must have personnel, processes, and tools necessary to manage the risk associated with using third party vendors. Supply chain risk assessments are critical to ensure vendors are performing due diligence and implementing industry best practices for security standards and controls.

When developing incident response plans, Hendricks said, organizations must engage their suppliers. Both parties need to have plans to notify the other if their network, systems, or data have been compromised or a compromise is suspected. Organizations must review and monitor vendor access and review system logs on a regular basis. This includes change management controls that regulate updates and other modifications that go into production.

Hendricks added organizations should also implement reliable backup measures to ensure data is available for recovery operations and the backup systems themselves are not at risk of compromise. These measures should include real-time notification and resolution of backup failures and regular testing of backup restoration.

Seek Outside Help
Many organizations do not have the skilled expertise, tools or other resources necessary to accomplish this on their own and will benefit from outside IT expertise. DMI provides the required support and resources to gain and maintain real-time understanding of current security posture, design and implement end-to-end cybersecurity, and quickly recover from major security incidents.

For more information on DMI's full suite of Security Managed Services, please visit https://dminc.com/federal/cybersecurity/.

About DMI
DMI is a global technology solutions company that specializes in digital strategy, design, transformation and support. Utilizing expertise from six unique DMI Groups, in the areas of AI & Analytics, Commerce, Experience, Managed Services, Transformation, and Government, DMI delivers intelligent digital transformation solutions that meet organizations where they are. Born digital, DMI has been delivering mission-critical, enterprise grade solutions since 2002 for more than a hundred Fortune 1,000 enterprises and all fifteen U.S. Federal Departments. DMI has grown to 2,500+ employees globally and has been continually recognized by top industry analysts as market leader as well as a Top Place to Work by the Washington Post. www.DMInc.com

Media Contact:
Lara Plathe
515-453-2042
[email protected]

SOURCE DMI