If the best of the best can be bested, what chance do the rest of us have?
This is a very relevant question as news of the FireEye and SolarWinds breaches aired. FireEye is a major player in the cybersecurity world. They are one of the top choices to be brought in to respond to a data breach. If they can be hit, how can the average company hope to stay safe? The reality is, none of us are safe. No amount of technology, personnel or caliber of skills in the world can guarantee you will never have a data breach or be the victim of ransomware. What we can do is execute a well-planned strategy to reduce a significant amount of risk, and plan for the inevitable situation where a major incident does occur so that we can mitigate the impact. Keep in mind, the threat actor suspected of this attack is nation-state funded, highly skilled and methodical in their execution. In a case like this it really comes down to how quickly their campaign will be identified and mitigated, not whether it can be prevented entirely.
In this case I think that FireEye being one of the first to identify this incident is a good thing. Few companies were equipped to respond to a data breach this quickly and effectively, and to get to a root cause that exposed the much larger campaign underway. If three or six months had gone by before the backdoor in SolarWinds Orion was discovered, the exposure would have been significantly worse. 18,000 entities worldwide could have been 50,000 or 100,000.
What this incident does do is provide us with the insights needed to better prepare organizations to defend against and, if compromised, respond to a data breach. If you are interested in a deeper look into this incident and what insights we can glean from it, check out this on-demand Ivanti Insights webinar, where Ivanti CSO Phil Richards and I talk about the incident and the recommendations you can take away to defend against, or prepare to respond to, similar incidents.