Why the current cyber threat landscape requires cooperation and the right technology

Sascha Giese - Head Geek at SolarWinds

Sascha Giese, Head Geek at SolarWinds, looks at why the current cyber threat landscape requires cooperation and the right technology.

Amidst uncertainty and unrest in Ukraine, the entire IT community needs to be conscious of the increasingly changeable cyber landscape. Cyberattacks have become more frequent in the past few years, but conflict exacerbates the problem, making malicious cyber activity worldwide even more likely. Now more than ever, we need to be vigilant in securing our IT environments so that our critical infrastructure and supply chains are protected against attacks.

At SolarWinds, we know this first-hand. The December 2020 SUNBURST cyberattack on our software build environment illuminated a troubling new reality for the software industry. Since then, we’ve innovated and shifted gear to ensure we’re protecting the customers we serve. But it’s not just a question of companies working in isolation. We’ve learned that in the current cyber landscape, security should be a core competency of all organisations. We need to work together in the spirit of community vigilance if we are to take on the complex, increasingly sophisticated threats we face.

Vigilance takes investment

The first step is ensuring preparedness by having the right technology and training in place. Mitigating risk takes investment in network infrastructure and security and compliance technology. In 2021, our survey found that 39% of tech professionals said that their organisations had medium exposure to enterprise IT risk in the past year. However, 45% said they lacked budget and resources to mitigate risk, and a further 45% said lack of training and personnel was holding them back.

In 2021, we surmised that this shortfall was due to tech professionals and organisations leaving ‘crisis mode’ following the pandemic. Tech professionals seemed to have grown more confident in their remote working policies, but hubris can quickly turn into security complacency. There was also a sense that security concerns should be siloed within security and compliance departments, rather than being viewed as an everyday part of business processes that everyone is responsible for.

Geopolitical tensions have been a rude awakening. Just as remote work forced us to reassess our policies and infrastructure, the current uncertainty has prompted reflection on what processes are working correctly. Providing complete visibility to identify areas of risk is crucial. Furthermore, thinking about IT and other business functions as part of an extended security team can really improve a company’s approach.

Working together

It has become a case of ‘when’ not ‘if’ a company will experience the impact of risk exposure. It’s therefore crucial that organisations work together to prepare themselves for an attack. Ensuring that certifications available to the IT industry offer practical guidance on cybersecurity is key.

Investing time and resources in upskilling is crucial. But there’s also a need to be honest about attacks and vulnerabilities to increase transparency. No organisation will be able to single-handedly tackle nation-state attacks, which is why we need to announce problems quickly and widely, across industries.

Leveraging the power and knowledge of the open-source community has been incredibly helpful for SolarWinds. Working collectively, we can respond much faster and more effectively against future attacks.

We recommend Shields Up from the US Cybersecurity & Infrastructure Security Agency (CISA) for guidance and resources. Initiatives like these will help keep organisations informed on best practices.

Ephemeral is best

In addition to industry cooperation, IT environments also need to adapt to the increased frequency of threats.

IT systems should be based on ephemeral operations. Essentially, this means we leave no long-lived environments within our IT infrastructure for attackers to compromise.

We need to ensure there is no possible ‘home base’ for threat actors to take advantage of. Ephemeral operations mean that IT professionals have on-demand access to resources that are automatically destroyed when a discrete task is completed.

The future of cybersecurity

As the world becomes less and less secure, we need to prioritise transparency and cooperation. Cybersecurity is not only the concern of IT or security teams. We also need to improve awareness of cyber threats across industries and job functions.