8 ways organizations are responding to recent high-profile cyberbreaches

In our conversations with your peers, we are learning what others are doing during this period of even more heightened awareness of our security vulnerability. Those activities include:  

1. Determining and remediating direct and indirect exposure to the SolarWinds Orion backdoor.
2. Performing compromise assessments to identify existing network vulnerabilities undetected by current security controls. 
3. Meeting with executive management and boards to address the potential impact of recent events and discuss possible needs for additional security controls. 
4. Conducting an inventory of third parties that provide hardware and software to make sure that known security vulnerabilities are addressed and confirming that all patches are applied or unapplied patch risk is managed. 
5. Assessing the criticality of third parties that have access to your network, sensitive data, and supply chain; identifying the critical third parties; performing a security risk assessment; and remediating issues that exceed the organization’s risk appetite. 
6. Creating business continuity plans for key application and hardware security controls.
7. Performing emergency tabletop exercises to address the loss or compromise of a key application, hardware security controls, or outsourced security managed service.
8. Maintaining vigilance on recent events by developing a trusted, curated list of sources to reference on a daily basis. Such sources include: 

• FireEye  
  • Information  
  • Threat research  
  • Red team tool countermeasures GitHub 
  • Sunburst countermeasures GitHub  

• SolarWinds 
  • SolarWinds’ security advisory

• Dark Reading 

• SecurityWeek

• Cybersecurity and Infrastructure Security Agency (CISA)

• Department of Homeland Security 
  • Cybersecurity directives 

If you would like to contribute to this dialogue and share your actions, please contact Troy La Huis at +1 616 233 5571 or [email protected].