With SolarWinds Breach, ‘The Hackers Aren’t the Problem’

By | Managed Services News

Jan 19

Find out who, instead, is the problem and how MSSPs must fix their own, and clients’, IT environments now.

Details about the giant SolarWinds breach continue to emerge. On Tuesday, Symantec said it found a previously unidentified strain of malicious code unleashed in the attacks. And Wired just published a piece warning of copycat hacking attempts. For managed security service providers, the question becomes one of preventing such threats in the first place.

That may prove wishful thinking.

“There is no guaranteed, foolproof way.”

Asigra's Eran Farajun

That’s the word from Eran Farajun, executive vice president of Asigra, a data protection vendor that works with managed service providers. Notably, Farajun was among the few experts in recent years predicting an attack that would target remote monitoring and management platforms. It was just a matter of who, when and where.

Since early last year, Farajun has been recommending that all players – providers, customers, partners – separate apps such as backup from the RMM stack. He preached this best practice because once malware gains entry, it then can access mountains of data.

For a while, Farajun’s pleas might have seemed overblown. Then came the SolarWinds fiasco.

In December, hackers, whom U.S. authorities suspect of having ties to Russian state intelligence, inserted malicious code into SolarWinds’ Orion software updates sent to nearly 18,000 customers. The code lived in updates released between March and June of 2020.

This led to security breaches at numerous U.S. government agencies. Those include the Treasury Department, the National Telecommunications and Information Administration and the Department of Homeland Security. The attackers also hit SolarWinds’ corporate clients, including FireEye, as well as Microsoft’s closely guarded source code.

Now, victims of the SolarWinds breach remain in clean-up mode. They’re also thinking about prevention. Indeed, this is top of mind for many an MSSP. But warding off a cyberattack takes more than technology. And this is where a lot of people fall prey to misconceptions.

‘The Hackers Aren’t the Problem’

Too many technology insiders operate under “a false sense of security,” Farajun told Channel Futures.

“The hackers aren’t the problem,” he added. “The IT professionals are the problem.”

Wait. What was that?

Correct, Farajun said — it’s the very people charged with protecting networks and data who paved the way for the SolarWinds attack.

“They think if they buy this vendor, or even an MSSP service, ‘I’m good,’ ‘I can sleep at night,’” he said. “People think it’s going to be solved technologically. The bad guys know that, and that’s what they take advantage of.”

So what’s an MSSP to do? Get more expensive. In other words, Farajun said, be costly to hack.

“A healthier way to deal with this false sense of security is to recognize that the bad guys are always ahead; they’re always going to be a step ahead,” Farajun said.

The better approach? MSSPs must …
