Hackers implanted malicious code into the software-build process of SolarWinds’ Orion products in order to compromise customers’ Orion services using a backdoor and steal their data.
Speaking on a Dec. 23 webinar, Jim Routh, chief information security officer (CISO) of MassMutual, called the SolarWinds hack “a shift in the tectonic plates of cyber-security.” He recommended that companies and organizations think about what steps they can apply immediately from a cloud supply chain risk management standpoint. “This is a wake-up call for the enterprise,” he said.
Here are five things companies can, and should, do right now:
Start by having the right conversations. “The bottom line is that we’ve been having the wrong conversations,” said Bob Brese, vice president and executive partner at Gartner and former chief information officer (CIO) for the U.S. Department of Energy. Many conversations CIOs and CISOs have with the C-suite and the board focus on solving technical problems, rather than managing risk, he said.
“Not all vulnerabilities are created equal,” Brese added. In today’s cloud supply chain, for example, it may be that monitoring a fourth- or fifth-party…