SOLARWINDS – THE LARGEST HACK OF 2020
What actually happened?
SolarWinds is a managed service provider (MSP) who provides IT services to over 300,000 other businesses. While most experts agree that SolarWinds was the largest hack of 2020, the total impact of it is largely unknown. At this point we believe Russia used SolarWinds’ Orion network monitoring software to infiltrate at least 18,000 government and private networks; most experts surveyed believe the number is significantly higher than this. We recently talked to a government official who preferred to remain anonymous but said, “this is going to get a lot worse before it gets better.” Russian hackers had access to all of the data within these networks for an extended period of time, including user IDs, passwords, healthcare information, financial information, confidential documents, and really anything else you can imagine.
The tactic of attacking the supply chain is significant because it gives the hackers access to far more data than they would get by attacking each company individually. The time and expense of hacking 18,000 networks is far greater than that of hacking one SolarWinds product. This should be a wake-up call for MSPs, but also for the companies who use MSPs.
In response to the attack, Microsoft announced they had taken significant steps to retaliate against the Russians. This is something we don’t always see, and it speaks to the significance of this breach. According to GeekWire, “Microsoft [unleashed] ‘Death Star’ on SolarWinds hackers in extraordinary response to breach.” Against Cozy Bear, the same group who hacked the Democratic National Committee in 2016, “Microsoft flexed the muscle of its legal team and its control of the Windows operating system to nearly obliterate the actions of some of the most sophisticated offensive hackers out there.”
NSA ALERT – Read the official NSA Cybersecurity Advisory
How is the SolarWinds breach impacting the cyber insurance market?
To say insurance carriers are scared of the SolarWinds breach would be an understatement. One of the largest cyber insurance carriers told us they’re going to exclude all claims related to SolarWinds on all new and renewal quotes going forward. Another carrier told us they’ll be seeking 25-30% rate increases on all renewals, requiring MFA and endpoint detection, and reducing ransomware coverage on some accounts. And this is just the start!
Cyber Policy Language Concerns
Cyber Terrorism Exclusions
Most cyber liability policies have exclusions for governmental actions, war, terrorism, and other cyber incidents tied to state-sponsored actors. These exclusions are extremely problematic when cyber attacks are launched by government-related groups, as appears to be the case here. We recently reviewed cyber liability policies from 16 different carriers and only 2 had acceptable language. Fifty percent of the carriers provided neutral language, while over one third of the carriers provided unacceptable language. Every insured needs to understand what restrictions their policy may have if a claim is triggered by a cyber attack tied to a state-sponsored actor.
To learn more about War & Terrorism Exclusions in cyber policies and the carriers that don’t cover this type of cyber attack, read our white paper.
Cyber Business Interruption for Supply Chain Failures
In addition to cyber terrorism related exclusions, cyber business interruption is an area where many cyber liability policies fall short. Most policies don’t appropriately cover business interruptions caused by supply chain failures. Given how prevalent this is, with SolarWinds being one of many examples, it’s important that an insured gets this piece of their policy right.
BCP TECH RELATED BLOG POST: Properly Transferring Technology Risk to Your Vendors
If you have questions or concerns related to the SolarWinds breach or your cyber liability policy, feel free to reach out to our bcp tech team.