The IT Pro Podcast: Behind the scenes of the SolarWinds hack

Getting hit with a large-scale cyber attack is a nightmare scenario for many IT leaders. Repairing the damage caused by hackers once they’ve infiltrated your system can be both expensive and time-consuming, and the post-breach fallout can be extremely challenging to deal with.

But while the technical impact an attack like this can have is one thing, we often overlook the effect it has on the individuals who have to respond to it. Long nights, extreme pressure and high levels of stress are all hallmarks of real-world incident response, and for the teams mobilised to deal with a breach, the experience can often be traumatic.

This week, the IT Pro Podcast sits down with SolarWinds CISO Tim Brown and CEO Sudhakar Ramakrishna to dig into one of the most serious and wide-ranging attacks of the decade. We find out what it was actually like in the days and weeks following the attack on its Orion platform last year, and how the company’s incident response teams coped with one of the most severe security events in its history. We also discuss what it was like for Ramakrishna joining the company in the immediate wake of the incident, and how he rebuilt trust in SolarWinds’ partners and resiliency in its IT.

Highlights

“We didn't have a Christmas or New Year, that was for sure. We worked Saturday outside the office; Sunday, we were all in the office. Basically, [we were] in the office for a couple weeks straight. I think literally the first time we had a little bit of time off was that Christmas Day. So it's just one of those types of times where there's just so much to do, so many little things to do, so many things you have to have right. We were writing financial 10k information at two in the morning to get it right. [There was] a lot of response needed to happen in the first few weeks.”

“The technical teams were really mad. They were just pissed off, right? They were upset; this happened on their watch. How did this happen? How did this occur? How could they disrupt my product? Because there's a lot of ownership. If you build code, you know, you own it, right? It's your baby ... So to have somebody break into your house, and corrupt your baby, and change it was a very difficult situation for folks. So they wanted to do whatever was necessary to both resolve the problem [and] understand the incident deeply.”

“It was a nation state attack, and no company might be immune to a nation state attack, as was evidenced by much larger breaches and different breaches. So for instance, [the] Microsoft Exchange breach was attributed to China. And so it’s not a matter of how many resources you have, how talented you are, when a nation state that has significant resources is after you. One can take that as comfort and use that as an excuse and say ‘I couldn't have done anything differently’. Or you can take the approach of ‘Okay, what did we learn from this situation? And what can you do about it?’. And so that's how we came up with this initiative called secure by design. That's an initiative I've used previously in other companies but in this particular case, given the scope of the challenge, it was much broader and much wider. And so we use that as a rallying cry across the organisation to become better.”

“I do believe that today, we are a better company than we were a year ago. We were a great company a year ago – we are a better company today for the incident. Because … through secure by design, we are now not only delivering powerful and simple solutions, but powerful, simple and more secure solutions. Just as an aside, I was with our partners in EMEA and APJ, just in the last two weeks. And one of the key points that our partners are making to our customers is you should deploy SolarWinds with greater confidence now, because it's probably more secure than it ever was before. So that was a positive out of this whole thing.”
