SolarWinds Network Breach Case Study Part 2
In this episode of The Cybersecurity Insider, host Yigal Behar and guest Seth Melendez of WareGeeks Solutions continue their conversation about the SolarWinds network breach, firewalls, and more.
Responding to a Suspected Breach
Yigal begins by addressing the previous discussion about passwords. In the case of a suspected breach, companies should assume they have already been hacked and take immediate action to protect their network, data, and customers. He suggests a proactive approach, even before any signs of a breach are evident.
If a company discovers a compromise, it’s better to take the time and resources to clean and change everything rather than risk losing customers and business down the road. He supplies the proverb “penny wise, pound foolish,” advising listeners to invest in security now to avoid larger losses later.
The FireEye Breach Is A Wake-Up Call
The Internet connection then becomes unstable. While waiting for Seth to rejoin, Yigal reiterates his point about assuming a breach has occurred and shares that his company took this approach internally after hearing about the FireEye breach.
This served as a wake-up call, prompting them to implement any necessary security measures internally and with their customers.
Firewalls & DNS
Yigal goes on to talk about taking proactive measures to maintain a strong security posture. He advises companies to be diligent about firewall configurations, ensuring that traffic is restricted to specific protocols, sources, and destinations. He also encourages controlling Domain Name System (DNS) traffic, as adversaries often use it for communication.
Yigal continues his rundown of security measures with verifying and reviewing Active Directory and local computer accounts. He urges listeners to change passwords and monitor network traffic through firewalls.
He highlights a common issue found during firewall reviews: many are configured to allow any type of traffic from any source to any destination. Yigal advises against this, recommending that traffic should be limited to specific protocols like HTTP, HTTPS, and DNS.
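An added example, not from the episode: a small Python audit over a constructed, vendor-neutral rule list that flags the any-to-any allow rule described above, allow rules that go beyond HTTP, HTTPS and DNS, and DNS allowed from hosts other than designated resolvers. The rule format, rule names, addresses and the approved-resolver list are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = "any"
# Baseline named in the episode: HTTP, HTTPS and DNS only.
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 53)}
# Assumption: the only internal hosts that should send DNS to the Internet.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.0.54"}

@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str
    dst: str
    proto: str    # "tcp", "udp" or "any"
    port: object  # int or "any"

# Constructed sample rule set (hypothetical export, not from a real firewall).
SAMPLE_RULES = [
    Rule("legacy-allow-all", "allow", ANY, ANY, ANY, ANY),
    Rule("web-out", "allow", "10.0.0.0/24", ANY, "tcp", 443),
    Rule("dns-resolver", "allow", "10.0.0.53", ANY, "udp", 53),
    Rule("dns-from-lan", "allow", "10.0.0.0/24", ANY, "udp", 53),
    Rule("voip-direct", "allow", "10.0.5.0/24", ANY, "udp", ANY),
    Rule("smtp-out", "allow", "10.0.0.25", ANY, "tcp", 25),
    Rule("default-deny", "deny", ANY, ANY, ANY, ANY),
]

def audit(rules):
    """Return (rule name, finding) for every allow rule that needs review."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        wide_service = ANY in (r.proto, r.port)
        if wide_service and r.src == ANY and r.dst == ANY:
            findings.append((r.name, "any-to-any allow"))
        elif wide_service:
            findings.append((r.name, "protocol or port not restricted"))
        elif (r.proto, r.port) not in ALLOWED_EGRESS:
            findings.append((r.name, "service outside HTTP/HTTPS/DNS baseline"))
        elif r.port == 53 and r.src not in APPROVED_RESOLVERS:
            findings.append((r.name, "DNS allowed from a non-approved source"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

A finding here is a prompt for review, not an automatic violation: a rule such as the constructed `smtp-out` may be a justified exception that should be documented and scoped to the mail host.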
Just as Yigal is explaining this, Seth rejoins the conversation. Yigal quickly catches him up on the points he was making about password changes and firewall configurations.
Seeking Expert Help In Cybersecurity
Yigal resumes, noting that email services might need broader access, but other traffic should be restricted. If business owners feel they’ve been compromised, they should seek help from experts like himself and Seth.
Seth adds that even technical people may not understand firewall configuration and traffic management. He points out that many IT professionals don’t even implement basic security measures. Seth encourages business owners to seek help if their IT staff doesn’t know how to handle a security breach. He reassures listeners that there’s no shame in asking for assistance and having qualified professionals address cybersecurity issues. It’s okay not to know everything and to seek help when needed.
Yigal then transitions to a common trend he has observed over the years: IT professionals often focus on connecting systems and installing software but neglect security considerations until after a problem arises. He suggests that security is often treated as an afterthought in many IT environments.
The Dangers Of Prioritizing Functionality Over Security
Yigal illustrates his point with an example of a client who wanted to connect their VoIP (Voice over Internet Protocol) phones directly to the network, bypassing the firewall. Yigal, understanding the security risks involved, firmly refused this request. He explains that if the phones were compromised, the entire network would be at risk. This incident demonstrates how IT professionals, despite their technical knowledge, may not always prioritize security.
Seth agrees with Yigal’s observation and adds that many people, including IT professionals, are often focused on simply getting the job done without considering the potential security implications. He warns that this approach can lead to costly consequences in the long run.
The Cost of Cutting Corners
Yigal recounts that the customer in his example still insisted on using an antivirus solution instead of a more comprehensive threat detection system, citing cost concerns. Saving money now could lead to huge financial losses later due to a security breach.
Seth advises business owners to prioritize security and invest in proper measures to avoid future problems. “I always tell people you can pay me the 10 dollars now, or you can pay me the thousand dollars later,” he adds. “Do what you do, whatever it is the business you’re in, go do that, and I’ll take care of the rest, you know what I mean? I’ll let you sleep at night.” By working with cybersecurity professionals, they can focus on their core business while leaving the security concerns in the hands of experts.
As Yigal brings the podcast to a close, he assures listeners that Seth will join him again in future episodes.
Don’t miss Part 1 of this eye-opening discussion on network breaches and more. Stay informed and protect your business by tuning into The Cybersecurity Insider, available on YouTube, Apple Podcasts, and Spotify.