The Importance of Transparency: Advising Clients on Cybersecurity When There Are Scary Media Headlines

When the SolarWinds cyberattack gained national news prominence in late 2020, it caused panic among organizations worrying if they were vulnerable, and wondering how to protect themselves.

For threat intelligence teams, like those at BlueVoyant, it can lead to distressed clients following similar repeated themes with each call. “Are you looking at this?” a client asks, followed by a chorus of, “What are you doing about it? Are we protected? Is there anything we should be doing?”

The SolarWinds hack has been dubbed “the largest and most sophisticated attack the world has ever seen,” according to Microsoft's President and Vice Chair, Brad Smith. The hackers gained access to emails, court documents, and even nuclear secrets, by way of the U.S. Department of the Treasury, U.S. Department of Justice, U.S. Department of Commerce, as well as other agencies using the popular software platform, SolarWinds, according to CBS News. The U.S. government said Russia was behind the attack, but Russia has denied responsibility.

When SolarWinds gained national attention, BlueVoyant’s team quickly devised an advisory communication framework and process to educate clients on what BlueVoyant was doing to protect them, and how they could best protect themselves.

SolarWinds wasn't the last such breach or vulnerability to be discovered. Since then, there has been Log4j, a vulnerability in popular software libraries, high-impact Microsoft Exchange server vulnerabilities, and worry over cybersecurity implications related to Russia’s Ukraine invasion, among other concerns.

Taking a proactive approach, BlueVoyant sends advisory communications with three purposes: inform all clients that BlueVoyant is on top of the issue; explain, specifically, how BlueVoyant is handling the threat; and what BlueVoyant recommends doing. The goal is transparency; we want our clients to know how we are helping to keep them safe in cyberspace.

With these advisory communications, in addition to transparency, BlueVoyant puts a premium on both speed and accuracy. We will only share solid facts — no assumptions or hyperbole. However, we do want to inform our clients as soon as possible, so we will share what we know at that time and send updates with new information as it becomes available.

Moreover, this also helps our threat analysts focus on keeping companies safe and not getting distracted with calls. That being said, we are always there to help our clients and answer any concerns they have.

The advisory communications continue to this day. With the increased tensions between Russia and Ukraine, BlueVoyant sends advisory communications multiple times a week. Similarly, we reach out to our clients regarding any other cybersecurity news that may cause widespread concerns.

In addition to the advisory communications, BlueVoyant provides weekly cyber intelligence summaries and monthly threat landscape reports to our clients. We also provide access to client webinars (as needed) as a live vehicle for our customers to reach out directly to threat intelligence analysts and experts, both of whom can answer any questions.

BlueVoyant’s goal is to make high-end cybersecurity available to organizations around the globe and across industries. In doing so, we also want to provide as much transparency as possible. Many in the cybersecurity space do not like to share with clients exactly what they are doing because they believe it infringes on their intellectual property. We want our clients to know how we are keeping them safe and to let our work speak for itself.