The IT Pro Podcast: Behind the scenes of the SolarWinds hack

Getting hit with a large-scale cyber attack is a nightmare scenario for many IT leaders. Repairing the damage caused by hackers once they’ve infiltrated your system can be both expensive and time-consuming, and the post-breach fallout can be extremely challenging to deal with.  

But while the technical impact an attack like this can have is one thing, we often overlook the effect it has on the individuals who have to respond to it. Long nights, extreme pressure and high levels of stress are all hallmarks of real-world incident response, and for the teams mobilised to deal with a breach, the experience can often be traumatic.

This week, the IT Pro Podcast sits down with SolarWinds CISO Tim Brown and CEO Sudhakar Ramakrishna to dig into one of the most serious and wide ranging attacks of the decade. We find out what it was actually like in the days and weeks following the attack on its Orion platform last year, and how the company’s incident response teams coped with one of the most severe security events in its history. We also discuss what it was like for Ramakrishna joining the company in the immediate wake of the incident, and how he rebuilt trust in SolarWinds’ partners and resiliency in its IT.

Highlights

“We didn't have a Christmas or New Year, that was for sure. We worked Saturday outside the office; Sunday, we were all in the office. Basically, [we were] in the office for a couple weeks straight. I think literally the first time we had a little bit of time off was that Christmas Day. So it's just one of those types of times where there's just so much to do, so many little things to do, so many things you have to have right. We were writing financial 10k information at two in the morning to get it right. [There was] a lot of response needed to happen in the first few weeks.”

“The technical teams were really mad. They were just pissed off, right? They were upset; this happened on their watch. How did this happen? How did this occur? How could they disrupt my product? Because there's a lot of ownership. If you build code, you know, you own it, right? It's your baby ... So to have somebody break into your house, and corrupt your baby, and change it was a very difficult situation for folks. So they wanted to do whatever was necessary to both resolve the problem [and] understand the incident deeply.”

“It was a nation state attack, and no company might be immune to a nation state attack, as was evidenced by much larger breaches and different breaches. So for instance, [the] Microsoft Exchange breach was attributed to China. And so it’s not a matter of how many resources you have, how talented you are, when a nation state that has significant resources is after you. One can take that as comfort and use that as an excuse and say ‘I couldn't have done anything differently’. Or you can take the approach of ‘Okay, what did we learn from this situation? And what can you do about it?’. And so that's how we came up with this initiative called secure by design. That's an initiative I've used previously in other companies but in this particular case, given the scope of the challenge, it was much broader and much wider. And so we use that as a rallying cry across the organisation to become better.”

“I do believe that today, we are a better company than we were a year ago. We were a great company a year ago – we are a better company today for the incident. Because …  through secure by design, we are now not only delivering powerful and simple solutions, but powerful, simple and more secure solutions. Just as an aside, I was with our partners in EMEA and APJ, just in the last two weeks. And one of the key points that our partners are making to our customers is you should deploy SolarWinds with greater confidence now, because it's probably more secure than it ever was before. So that was a positive out of this whole thing.”

Read the full transcript here.

Footnotes

• SolarWinds falls victim to "highly sophisticated" cyber attack
• SolarWinds hackers are targeting Microsoft AD servers
• SolarWinds blames intern for weak ‘solarwinds123’ password
• Microsoft: ‘More than 1,000 engineers’ executed SolarWinds attack
• US SEC investigates SolarWinds clients over cyber breach disclosures
• How to react to a data breach
• SolarWinds hackers breach Microsoft support agent to target customers
• SolarWinds hackers hit 150 organisations in new wave of attacks
• Microsoft warns SolarWinds customers that Serv-U is under attack
• Ten ways to protect your company from the next big data breach
• UK blames China for Microsoft Exchange Server attack
• China slams Microsoft hack accusations as ‘groundless and irresponsible’
• US, UK say Russia was behind SolarWinds hack
• Russian spy chief rebuffs “pathetic” SolarWinds hack accusations
• SolarWinds bolsters its security response capabilities following hack
• Mimecast dumps SolarWinds after hackers breached its network
• SolarWinds hackers first breached systems in September 2019
• Head of Homeland Security had his email hacked in SolarWinds attack
• Four tips for keeping your business secure during mass remote work

Subscribe

• Subscribe to The IT Pro Podcast on Apple Podcasts
• Subscribe to The IT Pro Podcast on Google Podcasts
• Subscribe to The IT Pro Podcast on Spotify
• Subscribe to the IT Pro newsletter
• Subscribe to IT Pro 20/20

Featured Resources

IT best practices for accelerating the journey to carbon neutrality

Considerations and pragmatic solutions for IT executives driving sustainable IT

Free Download

The Total Economic Impact™ of IBM Spectrum Virtualize

Cost savings and business benefits enabled by storage built with IBMSpectrum Virtualize

Free download

Using application migration and modernisation to supercharge business agility and resiliency

Modernisation can propel your digital transformation to the next generation

Free Download

The strategic CFO

Why finance transformation propels business value

Free Download