SolarWinds, the US IT management solutions provider, recovered well in the aftermath of the massive cyber attack it fell victim to last year but said its experience should serve as a warning to other companies to remain vigilant amid an increase in global hacking campaigns.
The Texas-based company, which has a global clientele of more than 300,000 companies in 190 countries, including key US government entities and almost all Fortune 500 businesses, called for streamlining infrastructure and developing a culture of security within organisations to at least detect, if not fully prevent, cyber attacks.
Not doing so can result in potentially significant financial and reputational damages, it said.
“If threat actors are patient and thoughtful, they can get a larger payday from a cyber crime perspective and can boast they got the job done. We need to out-think them, learn what their patterns and activities are, and what they are after,” Tim Brown, chief information security officer of SolarWinds, told The National.
SolarWinds was among a number of companies breached in the wide-scale cyber attack that came to light in December 2020 after going undetected for a year. The hacking continues to reverberate today, with the threat of similar supply-chain attacks expected to grow further.
In what is considered one of the worst cyber espionage cases in history, the attackers exploited software credentials from SolarWinds and other US companies, including Microsoft and VMware, and used them to infiltrate several American federal departments, including defence, state, homeland security, treasury and commerce, while also affecting global organisations such as the UK government, the European Parliament and Nato.
US intelligence agencies said the culprit behind the attacks was a group backed by the Russian government.
Phishing – the practice of sending emails purportedly from reputable companies to trick recipients into revealing personal and sensitive information – has significantly increased during the Covid-19 pandemic, with 70 per cent of respondents in a SophosLabs survey reporting an increase in attacks.
All sectors were hit, with central government experiencing the highest increase (77 per cent), followed by business and professional services (76 per cent) and health care (73 per cent).
The incident, however, did little to dent SolarWinds' profits. For the first quarter ending March 31 this year – the first full three-month period following the attack – the company posted revenue of $256.9 million, up 4 per cent from a year ago but down 3 per cent from the preceding quarter's $265.3m. It rebounded by about 2 per cent to $262m during the second quarter.
“We were expecting a worse first quarter, but it came out better than expected,” said Mr Brown, who was involved in SolarWinds' investigation of the breach and its recovery mission.
“We're still growing well, very healthy from a company perspective and moving forward.”
Successful cyber attacks can taint a company's reputation. However, in the case of SolarWinds, Mr Brown said that while a number of clients sought other IT management providers, many chose to return to SolarWinds.
The attack prompted SolarWinds to add security contacts for customers, “people that are on speed” all the time, ensuring that assistance will be immediately available in such emergencies.
“If you think you know everything, you don't. If you have just one person for something, it won't work, so we split up the tasks and communicate as frequently as we can. You are never fully prepared for a major cyber incident,” Mr Brown said.
“Prepare for alternate modes of communications, especially when your email is compromised. We can only see so far; we need others to give suggestions or say, ‘I see something’.”