As most SolarWinds investigations have stabilized, it’s a good time to give the full report to your Board of Directors. They’ve hopefully been curious, and you’ve likely been giving them bits and pieces along the way. Now it’s time to give them the big picture and explain the takeaways. This article covers the 5 main points you should address when giving a final report to the board on SolarWinds.
As with all incidents, the level of impact dictated the level of investigation you needed to perform, as well as response tactics. So this is a great place to start. We’ve found that everyone falls into one of the categories below:
For more information on how the attack worked see: https://www.bedelsecurity.com/blog/solarwinds-what-do-we-know-so-far
There’s a fine line here; board members don’t want to see the actual logs. But they probably want to know more than “We checked and we’re good.” This will vary depending on where you landed on #1. Some ideas:
This section explains what actions were taken to contain and remediate the threat. Some examples:
Even if your financial institution was not impacted by this attack, this is a great opportunity to determine whether you would be prepared to respond. It's also time to look at your existing controls to see how the attack would have played out in your environment. Some takeaways we've seen:
See more details here: https://www.bedelsecurity.com/blog/mitigating-supply-chain-attacks
You need to explain what makes the SolarWinds attack different. This is a supply chain attack: a trusted, known application was affected at its source, at the supplier. Security experts have feared a supply chain attack like this one for years, because they knew it could be distributed to thousands of organizations without question and because it could go undetected for a long period of time.
This will change the playbook going forward for attackers and it will change “what” and “who” we can trust as risk managers and cyber professionals.
From a regulatory standpoint, we should also expect increased guidance and scrutiny on how this risk is managed.
While this pretty much describes most incident response templates, I thought it would be helpful to put it in the context of this specific attack. Let me know if you have any questions.
Or if you need assistance handling or reporting on this incident, let us know at support@bedelsecurity.com. We're here to help in any way we can.