SolarWinds Cyberattack: Lessons Learned

The cyberattack on SolarWinds, a US information technology company, underscores the potential vulnerability of every organisation and highlights how important it is for companies to have structures in place to respond quickly and start the remediation process.

Speaking during a Marsh webcast, SolarWinds CEO Sudhakar Ramakrishna highlighted the importance of the insurance industry rewarding transparency among organisations that are the subject of cyberattacks. The focus should be on prevention by proliferating best practices and providing forums for companies that experience an attack to share their experience.

The unique and sophisticated cyberattack saw the company start taking remedial actions even while investigations were still underway. A crucial step was involving SolarWinds’ cyber insurer and its brokers at Marsh immediately, said Jason Bliss, chief administrative officer and general counsel for SolarWinds. This enabled SolarWinds to understand the scope of additional services, beyond the coverage itself, that were available via the company’s cyber insurance policy.

During the webcast, Messrs. Ramakrishna and Bliss shared information about the unique attack, how it affected SolarWinds and its supply chain, and the actions the company took — and is still taking — to remediate and improve its security.

They also noted that cyber breaches will continue to happen. “If a nation-state attacker wants to compromise your network or assets, it’s going to be a matter of when — and not if,” Mr. Ramakrishna said. But companies can take action.

SolarWinds Cyberattack: Meeting the New Cybersecurity Bar

The timely sharing of information following a major cyberattack like the one on SolarWinds, a US information technology company, can be critical in helping other organisations prepare for similar threats.

Speaking during the second part of Marsh’s webcast series related to the cyberattack, SolarWinds chief information security officer Tim Brown noted that the targeted and sophisticated cyberattack the company experienced last year is not generally the type of attack organisations prepare for. “Now we need to prepare for more of these as a community.”

Part of the way forward should include the sharing of information and learnings that allow other organisations to address any uncovered vulnerabilities. But as Alex Stamos from the Krebs Stamos Group said, we’re missing the critical function of a central entity that collects and shares learnings from cyberattacks in the same way the National Transportation Safety Board investigates aeronautical incidents. Although organisations targeted by threat actors should not be blamed, their collaboration and transparency are critical to help others learn from their experience, especially considering the fast-evolving nature of cyber threats.

Organisations often focus predominantly on preventing an attack rather than looking across the risk spectrum, including recovery and restoration, noted Tom Reagan, Marsh’s Cyber Practice leader for the US and Canada. “If you want to move beyond prevention and start looking at resilience, you have to more actively and dynamically prepare to respond when something goes wrong.”

Considering the inevitability of breaches, Mr. Stamos said organisations should build “bend-but-not-break” defences that focus on catching attackers early and being able to respond quickly.

Part of the response following a cyberattack is to tap into the specialised expertise that is often provided within a cyber program, making it critical for organisations to immediately contact their broker or insurer. The increase in cyber events is contributing to higher insurance pricing and a greater focus on controls implemented by organisations to improve cyber resilience.
