
The SolarWinds Hack

Updated: Oct 5, 2021


Does your information security program cover all of your third-party software?

In 2020, cyber criminals made a number of significant advances in hacking. Right here in Austin, Texas, we observed the compromise of the SolarWinds application.

The Russian hackers were able to get inside the SolarWinds code library and install their future access points within the packaged software. SolarWinds did not have effective information technology general controls (ITGCs) to prevent or detect this additional code. The access points were downloaded as SolarWinds customers updated their copies of the application.

The SolarWinds customers “trusted” their software supplier. Trust is not a control. I am with President Reagan: we need to trust our suppliers, but we need to verify they have effective controls.


SolarWinds now lists on its website the ITGCs it has in place:

· Information Security Policy

· Organizational Security

· Asset Management

· Personnel Security

· Physical and Environmental Security

· Operational Security

· Access Controls

· Software Development Lifecycle

· Incident Management

· Business Continuity and Disaster Recovery

· Data Protection


Here is a link to the SolarWinds summary description of these items:

https://www.solarwinds.com/security/security-statement


CCS has a number of CPE events covering information security and related internal controls. You can access a listing of the events at: http://compliance-seminars.com/Index-Information-Technology.asp#Training-Seminars-List
