February 27, 2023 By Jennifer Gregory 4 min read

I’ve always told my kids that everyone makes mistakes. What really matters is how you handle them and that you learn from what happened.

SolarWinds followed the same thinking in how it handled its 2020 breach. Not only did the company write its comeback story to help improve its reputation, but it is also working proactively to help other companies avoid becoming victims themselves. The breach was certainly not a positive occurrence. However, the company is now leading by example with its revised security practices and serving as a model for turning things around after a breach.

SolarWinds proactively improves cybersecurity

Several of SolarWinds’ U.S. government customers were infected with malicious code planted by a nation-state after the company fell victim to a supply chain attack, in what is now seen as one of the largest and most successful hacks in U.S. history. Due to the attack, SolarWinds has faced numerous legal battles and is currently under investigation by the Securities and Exchange Commission.

In addition to recovering from the breach and fighting legal battles, the company committed itself to significantly improving its cybersecurity. The organization has made itself the blueprint for other software providers to avoid becoming the next “patient zero” in a software supply chain hack. At the same time, it set an example of how a company can transform its cybersecurity practices and reputation.

Here are some significant changes SolarWinds has made since the breach:

  • Created a cybersecurity committee on its board of directors. Although the company had a technology committee on the board, it realized it needed leaders focusing specifically on cybersecurity.
  • Added renowned cybersecurity experts to the board. SolarWinds tapped former CISA Chief Chris Krebs and former Facebook and Yahoo Security Chief Alex Stamos as consultants.
  • Built cybersecurity into its software build cycle. By adopting reproducible builds, SolarWinds can now identify disparities in binary code much more easily. This means future attackers would have to infect two different environments to pull off an attack, which is exceptionally challenging.
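
The comparison that reproducible builds make possible, sketched as an added example (this is not SolarWinds’ code or tooling): the same source is built in two independent environments and a release is allowed only if every artifact hashes identically. The directory layout, file names and function names are assumptions, and the sample artifacts are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def digest_tree(root: Path) -> dict[str, str]:
    """Map each artifact's relative path to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_builds(env_a: Path, env_b: Path) -> dict[str, list[str]]:
    """Report every disparity between two independently produced build outputs."""
    a, b = digest_tree(env_a), digest_tree(env_b)
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "mismatched": sorted(k for k in a.keys() & b.keys() if a[k] != b[k]),
    }


def release_allowed(report: dict[str, list[str]]) -> bool:
    """Gate the release: any disparity at all blocks it."""
    return not any(report.values())


def demo() -> tuple[dict, dict]:
    """Constructed sample: same source built twice, then one output altered."""
    with tempfile.TemporaryDirectory() as tmp:
        env_a, env_b = Path(tmp, "env_a"), Path(tmp, "env_b")
        for env in (env_a, env_b):
            (env / "bin").mkdir(parents=True)
            (env / "bin" / "agent.dll").write_bytes(b"constructed-binary-v1")
            (env / "manifest.txt").write_text("agent.dll 1.0\n")
        clean = compare_builds(env_a, env_b)
        # Simulate a change in only one environment: altered file plus an extra one.
        (env_b / "bin" / "agent.dll").write_bytes(b"constructed-binary-v1+extra")
        (env_b / "bin" / "helper.dll").write_bytes(b"unexpected")
        tampered = compare_builds(env_a, env_b)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean build pair  :", clean, "->", release_allowed(clean))
    print("altered build pair:", tampered, "->", release_allowed(tampered))
```

The check only has value when the two environments share no credentials, build agents or signing infrastructure, and when the build itself is deterministic (fixed timestamps, pinned dependencies); otherwise honest builds will differ and mismatches stop being meaningful.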

Other companies have also responded to breaches by improving their security policies and practices. Here are some ways other companies have changed their ways.

Target hired its first-ever CISO after 2013 breach

In 2013, threat actors stole credit and debit card information from over 40 million Target customers. Target paid $18.5 million to settle claims from 47 states and the District of Columbia. At the time, the attack was groundbreaking in its size and infection vector: card-skimming malware deployed on the point-of-sale (POS) system. It was later discovered that the POS system was accessed using stolen credentials from a third-party vendor.

After the breach, Target hired its first-ever Chief Information Security Officer (CISO), Brad Maiorino, to help repair its reputation and improve cybersecurity. Since Target added Maiorino to the C-suite, the CISO’s role has evolved from a technical to a strategic executive position. The CISO aligns the business’s security priorities with the overall business goals and manages the company’s cyber risk. Because collaboration is key to the role, the CISO must be an excellent communicator and be able to talk with employees at all levels of the organization.

While hiring a CISO is always smart, they are most effective when hired before a major breach. Through cybersecurity investments led by the CISO, companies can reduce the risk of a breach. If a security event happens, having a CISO significantly improves the company’s recovery and rebuild. 

Equifax focused on creating a cybersecurity culture

In 2017, malicious actors stole the personal information of over 140 million people, including social security numbers and credit card accounts, from Equifax’s systems. For 76 days, the cyber criminals were active in the company’s systems without its knowledge. Equifax was fined $575 million by the Federal Trade Commission to help victims recover.

After the breach, Equifax invested $200 million to upgrade its cybersecurity infrastructure and data privacy protection. The cornerstone of the change was creating a cybersecurity culture and providing incident response training. Because the breach resulted from an unpatched system, one of the first priorities was improving the patching process. Equifax also focused on access control and identity management to ensure that only authorized users could access the network and sensitive data.

In a cybersecurity culture, everyone in the company knows that cybersecurity is their responsibility. While education is important, training must go further than just “checking the box”. By making training fun and meaningful, leaders can help employees understand the importance of cybersecurity and the principles of good security hygiene. Instead of yearly training, employees should regularly hear about new cybersecurity concerns and reminders about best practices.

Home Depot implemented MFA and encryption

In 2014, data of over 50 million Home Depot customers was stolen after the credentials of a third-party vendor were compromised. As part of the cost of the breach, the home improvement store had to pay $17.5 million in settlements to attorneys general in 46 states and Washington, DC, to compensate for damages caused by the breach.

After the attack, Home Depot made numerous changes to its cybersecurity, including adding a CISO and increasing cybersecurity training. Additionally, the retailer changed its processes by adding new controls. Through password management, Home Depot now ensures that employees follow best password practices. Encryption has also reduced the likelihood of cyber criminals intercepting sensitive data in transit, and multi-factor authentication (MFA) helps reduce the possibility of cyber criminals gaining access to the company’s systems.

Learning from other breaches

While these organizations made positive changes after a breach, other companies should learn from their mistakes. It’s far better to proactively take action before becoming a victim in the first place. By protecting yourself now, you can keep your focus on serving customers instead of recovering from a devastating breach.
