SolarWinds Aftermath: What We Know Now and What It Means for Small Business
A month after the SolarWinds hack was disclosed, the picture is clearer and more alarming. At least nine US government agencies were compromised. Over 100 private companies were specifically targeted for deeper infiltration. Microsoft confirmed its source code was accessed. The full scope may take years to understand.
For small businesses, SolarWinds reinforces a lesson we've been writing about since NotPetya: your security is only as strong as your weakest vendor.
What We've Learned
The Attack Was Broader Than Initially Reported
Beyond SolarWinds, investigators discovered that the same attackers used additional entry points, including compromised Microsoft cloud credentials and vulnerabilities in other software. SolarWinds was one vector, not the only vector.
Detection Took Nine Months
The attackers operated inside government and corporate networks for nine months before FireEye discovered the breach while investigating its own compromise. This means thousands of organizations had active backdoors in their systems for most of 2020 without knowing it.
Traditional Security Tools Missed It
Antivirus didn't catch it. Firewalls didn't catch it. The malware was embedded in a legitimately signed software update and used techniques specifically designed to evade detection. This challenges the assumption that traditional security tools are sufficient.
Small Business Implications
1. Audit your software supply chain. List every piece of software that has access to your network or data. For each one, ask: if this vendor's update mechanism were compromised, what would the attacker gain access to?
2. Question your MSP's tools. Your managed service provider uses remote management, monitoring, and backup tools that have deep access to your systems. Ask what tools they use and how those tools are secured.
3. Implement network monitoring. SolarWinds went undetected because nobody was watching for unusual outbound connections. Even basic DNS monitoring can detect compromised systems communicating with command-and-control servers.
4. Adopt an assume-breach mentality. Instead of assuming your systems are clean, assume they might be compromised and look for evidence. Check for unusual accounts, unexpected network connections, and unexplained system changes.
5. Diversify your trust. Don't rely on any single vendor or tool for all of your security. Layered defenses from multiple vendors mean a compromise of one doesn't give attackers everything.
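The DNS monitoring point in item 3, as an added example that is not part of the original article: a small Python script that scans a DNS query log for hosts that repeatedly resolve long, random-looking subdomains under one parent domain, a pattern typical of malware that generates its command-and-control hostnames. The log lines, domain names and addresses are constructed for the example, and the length and entropy thresholds are assumptions to tune per environment.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log: timestamp, client IP, queried name.
# Names and addresses are made up for this example; they are not indicators
# from the SolarWinds incident.
SAMPLE_DNS_LOG = """\
2020-06-01T09:00:01 10.0.0.12 www.example-accounting.com
2020-06-01T09:00:05 10.0.0.12 update.vendor-example.net
2020-06-01T09:01:10 10.0.0.12 www.example-accounting.com
2020-06-01T09:02:00 10.0.0.31 k3j9x2mq7vb0z4hw1c5n.appsync-example.com
2020-06-01T09:02:44 10.0.0.31 6aq8v1lxz0c5yw3kmn7r.appsync-example.com
2020-06-01T09:03:30 10.0.0.31 ptz4m8wq1nk5vcxy0bl2.appsync-example.com
2020-06-01T09:04:00 10.0.0.12 mail.example-accounting.com
"""


def shannon_entropy(label: str) -> float:
    """Bits per character of a DNS label; random-looking labels score high."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_generated(label: str, min_len: int = 16, min_entropy: float = 3.5) -> bool:
    """Heuristic (assumed thresholds): a long, high-entropy leftmost label."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def find_suspicious_clients(log_text: str, min_distinct: int = 2) -> dict:
    """Map each client to the parent domains under which it resolved at least
    `min_distinct` different generated-looking subdomains (DGA-style churn)."""
    seen = defaultdict(lambda: defaultdict(set))  # client -> parent -> labels
    for line in log_text.strip().splitlines():
        _ts, client, qname = line.split()
        label, _, parent = qname.partition(".")
        if looks_generated(label):
            seen[client][parent].add(label)
    return {
        client: {parent: sorted(labels) for parent, labels in parents.items()
                 if len(labels) >= min_distinct}
        for client, parents in seen.items()
        if any(len(labels) >= min_distinct for labels in parents.values())
    }


if __name__ == "__main__":
    for client, parents in find_suspicious_clients(SAMPLE_DNS_LOG).items():
        for parent, labels in parents.items():
            print(f"ALERT {client}: {len(labels)} generated-looking names under {parent}")
```

On the sample log only 10.0.0.31 is flagged, because it resolved three distinct random-looking names under one domain while the other host queried only ordinary hostnames.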
SolarWinds was a wake-up call for the entire technology industry. The supply chain trust model needs to evolve. Until it does, vigilance is your best defense.