February 27, 2023 By Jennifer Gregory 4 min read

I’ve always told my kids that everyone makes mistakes. What really matters is how you handle them and that you learn from what happened.

SolarWinds followed the same thinking in how it handled its 2020 breach. Not only did the company write its comeback story to help improve its reputation, but it is also working proactively to help other companies avoid becoming victims themselves. The breach was certainly not a positive occurrence. However, the company is now leading by example with its revised security practices and serving as a model for turning things around after a breach.

SolarWinds proactively improves cybersecurity

Several of SolarWinds’ U.S. government customers became infected with malicious code by a nation-state after the company was victimized by a supply chain attack in what is now seen as one of the largest and most successful hacks in U.S. history. Due to the attack, SolarWinds has faced numerous legal battles and is currently under investigation by the Securities and Exchange Commission.

In addition to recovering from the breach and fighting legal battles, the company committed itself to improve its cybersecurity significantly. The organization has made itself the blueprint for other software providers to avoid becoming the next “patient zero” in a software supply chain hack. At the same time, it set an example of how a company can transform its cybersecurity practices and reputation.

Here are some significant changes SolarWinds has made since the breach:

  • Created a cybersecurity committee on its board of directors. Although the company had a technology committee on the board, they realized they needed leaders focusing specifically on cybersecurity.
  • Added renowned cybersecurity experts to the board. SolarWinds tapped former CISA Chief Chris Krebs and former Facebook and Yahoo Security Chief Alex Stamos as consultants.
  • Built cybersecurity into its software build cycle. By adopting reproducible builds, SolarWinds can now identify disparities in binary code much easier. This means future attackers would have to infect two different environments to pull off an attack, which is exceptionally challenging.

Other companies have also responded to breaches by improving their security policies and practices. Here are some ways other companies have changed their ways.

Target hired its first-ever CISO after 2013 breach

In 2013, threat actors stole credit and debit card information from over 40 million Target customers. Target paid $18.5 million to settle claims from 47 states and the District of Columbia. At the time, the attack was groundbreaking in its size and infection vector: card-skimming malware deployed on the point of sales (POS) system. It was later discovered that the POS system was accessed using stolen credentials from a third-party vendor.

After the breach, Target hired its first-ever Chief Information Security Officer (CISO), Brad Maiorino, to help repair its reputation and improve cybersecurity. Since Target added Maiorino to the C-suite, the CISO’s role has evolved from a technical to a strategic executive position. The CISO aligns the business’s security priorities with the overall business goals and manages the company’s cyber risk. Because collaboration is key to the role, the CISO must be an excellent communicator and be able to talk with employees at all levels of the organization.

While hiring a CISO is always smart, they are most effective when hired before a major breach. Through cybersecurity investments led by the CISO, companies can reduce the risk of a breach. If a security event happens, having a CISO significantly improves the company’s recovery and rebuild. 

Equifax focused on creating a cybersecurity culture

In 2017, malicious actors stole the personal information of over 140 million people, including social security numbers and credit card accounts, from Equifax’s systems. For 76 days, the cyber criminals were active in the company’s systems without its knowledge. Equifax was fined $575 million by the Federal Trade Commission to help victims recover.

After the breach, Equifax invested $200 million to upgrade its cybersecurity infrastructure and data privacy protection. The cornerstone of the change was creating a cybersecurity culture and providing incident response training. Because the breach resulted from an unpatched system, one of the first priorities was improving the patching process. Equifax also focused on access control and identity management to ensure that only authorized users could access the network and sensitive data.

In a cybersecurity culture, everyone in the company knows that cybersecurity is their responsibility. While education is important, training must go further than just “checking the box”. By making training fun and meaningful, leaders can help employees understand the importance of cybersecurity and the principles of good security hygiene. Instead of yearly training, employees should regularly hear about new cybersecurity concerns and reminders about best practices.

Home Depot implemented MFA and encryption

In 2014, data of over 50 million Home Depot customers was stolen after the credentials of a third-party vendor were compromised. As part of the cost of the breach, the home improvement store had to pay $17.5 million in settlements to attorney generals in 46 states and Washington, DC, to compensate for damages caused by the breach.

After the attack, Home Depot made numerous changes to its cybersecurity, including adding a CISO and increasing cybersecurity training. Additionally, the retailer changed its processes by adding new controls. Through password management, Home Depot now ensures that employees follow best password practices. Encryption has also reduced the likelihood of cyber criminals intercepting sensitive data in transit, and multi-factor authentication (MFA) helps reduce the possibility of cyber criminals gaining access to the company’s systems.

Learning from other breaches

While these organizations made positive changes after a breach, other companies should learn from their mistakes. It’s far better to proactively take action before becoming a victim in the first place. By protecting yourself now, you can keep your focus on serving customers instead of recovering from a devastating breach.

More from Incident Response

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything. But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists…

X-Force uncovers global NetScaler Gateway credential harvesting campaign

6 min read - This post was made possible through the contributions of Bastien Lardy, Sebastiano Marinaccio and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today