As the SolarWinds data breach saga continues to unfold, the company has announced it will be making some significant changes related to cybersecurity.
If you are not familiar with the current situation for SolarWinds, go ahead and read these recent SecureWorld articles about the breach here, and the follow up here.
SolarWinds recently announced the hiring of a new CEO, Sudhakar Ramakrishna. Ramakrishna accepted the position before the company was notified of the breach, and aims to learn and grow from this experience with the company.
Here is what he had to say regarding the recent breach:
"In my most recent role as CEO of Pulse Secure, and in other executive assignments, I have dealt with highly visible security breaches. In these instances, I have sought to let humility, ownership, transparency, focused action, and bias towards customer safety and security be my guiding principles. It is my goal to bring this same approach to bear here at SolarWinds.
It is in this spirit that I have made it a priority to support and continue the SolarWinds investigation of this incident in cooperation with important stakeholders—including industry colleagues, third-party cybersecurity experts, law enforcement, and intelligence agencies around the world."
He also acknowledged the customer is of utmost important in situations like these.
"By far, my most important commitment is to help our customers and partners navigate this challenge with the help and support of the entire SolarWinds team.
Armed with what we have learned of this attack, we are also reflecting on our own security practices and seeking opportunities to enhance our posture and policies. I am doing that by working directly with the SolarWinds team to lead the immediate improvement of critical business and product development systems, with the goal of making SolarWinds an enterprise software industry security leader. These transformative efforts will require tremendous focus on security programs, policies, teams, and culture."
SolarWinds says it has reached out to leading security experts for guidance during their incident response process.
The company has identified three primary areas for improvement:
And SolarWinds identified 11 immediate actions the company must take in order to achieve the improvements it is seeking. These include:
To further assist the new CEO and company response, SolarWinds is bringing in two well-known names in the security industry.
This includes Christopher Krebs, the former Director of the Cybersecurity and Infrastructure Security Agency (CISA). Krebs was fired in November via a tweet from President Trump for refuting the President's claims of election fraud. Krebs was hired as an independent consultant.
And Krebs has teamed up with Alex Stamos in the consulting world, who is Facebook's former Chief Security Officer.
The two will work closely with SolarWinds CEO Ramakrishna to continue responding and recovering from the company's data breach.