Recently, Netskope published an analysis of the situation that prevailed after the hacking of the Texan company, SolarWinds.
A computer attack that in some way has permanently impacted several hundred companies around the world. The more days pass, the more we learn from this cyberattack whose effects continue to endure. Little is known about the extent of this cyberattack, which is considered to be the hacking of the decade. From this hacking, the American computer security company tells us a lot about this.
This article will also interest you: Cyberattack against SolarWinds
"Beyond just trying to find those responsible for this hacking, we prefer to go ahead and look at different ways of managing risk, but also to question how to cut short the hype, chatter and speculation. "The U.S. company says. The objective of this analysis is to enable a better understanding of the computer threat as well as to provide useful advice that will have to be applied on a daily basis to ensure that such tragedies do not happen again.
Here are three lessons to be learned from the SolarWinds attack.
1- Cybersecurity professionals are much more supportive and empathetic.
The situation has shown that cybersecurity professionals support each other much more than we think. And this is understandable when we know that no one really wants to be in such conditions.
"Security professionals, CISO and others, tend to support each other. No one wants to find themselves in the situation where the professionals of FireEye, SolarWinds or anyone else involved found themselves. And with a few exceptions – the barely disguised marketing operation is obvious! – the opinions of security solution providers and influential people have not accumulated, expressing their solidarity instead and wanting to see how we, as a community, can do better from what we have learned from chaos. notes the IT security solutions provider. "The last few years have been a period of division, all over the world. We talk about unity, we talk about wanting to do better in terms of cooperation between the public and private sectors in terms of security, we talk about sharing intelligence on threats, we are talking about being good citizens… we're talking. If there is one bright spot in what happened with SolarWinds, it may have inspired us to really collaborate on the things that need to be done, not just to form more threat information-sharing committees or to advance a technology agenda. SolarWinds is a wake-up call that shows us that we are not yet "arrived" at the level of security controls, but that we have the right people who are committed to getting the right results. he adds.
2- A better understanding of the concepts of "visibility" and "control."
For a very long time these two concepts have been misunderstood. They have even been used in rather misleading contexts just in the name of purely marketing purposes. Yet reality has caught up with us. We really need to understand how computer networks work. How data is collected and processed and how people who need to access it do so. All this in an environment that is controlled by the main players. According to a recent definition of the supply chain, it would be understood as a whole "based on one-off, unreassuring questionnaires and site visits, or the legal jargon of the MSA," explains Equifax's head of training systems security ,"it just doesn't work".
We will simply remember that it is impossible to have a better visibility on the functioning of our computer networks, by ricochet better control, if the players if the players do not fully invest in it.
3- Restoring better risk management for a major advance in cybersecurity.
In practical ways, things change. The way computer interconnections are used is changing quite exceptionally. Especially with the growing adoption of cloud computing. As a result, the approach to cybersecurity must be new.
Now access an unlimited number of passwords: