Focus on Cyber Security: SolarWinds Cyber Attack


The recent intrusion of high-profile government systems via the SolarWinds Orion vulnerability has gained quite a bit of media attention and is likely to dominate the cyber security news cycle for the foreseeable future. And while nearly all affected SolarWinds clients have been made aware and have begun the mitigation process, there are some larger lessons to be learned from these events.

[Note: if you are or believe that you may have been directly affected by the breach, refer to the CISA Emergency Directive 21-01 for guidance or contact external cyber security professionals for assistance as needed.]

The actual damage of this breach has yet to be calculated, partly because of the extensive number of organizations impacted and the ripple effects on other organizations. The ripple effect means that not only were the affected SolarWinds clients put at risk, but so were their vendors, clients, B2B partners, and other affiliated individuals and agencies within their overall ‘supply chain.’ The emergency directives and guidance provide the information needed to quickly close the vulnerability. On a broader basis, the event presents the opportunity to ask some important questions, such as:

  • Were we or anyone in our supply chain affected? Can we say with certainty that we were not affected? Can we say with certainty that we have remediated all primary and downstream vulnerabilities or persistent issues which were or might have been present as a result of the breach? Can our vendors and suppliers provide us assurance about the impact to their organization?
  • Have we considered implementing a supply chain risk management program? In recognition of the needs of commercial customers and business partners of manufacturers, producers, and distribution companies, the AICPA has developed a framework for reporting on the controls over a manufacturing, production, or distribution system. Organizations can use the reporting framework to communicate to stakeholders (through a SOC for Supply Chain report), or to help develop their program internally, relevant information about their supply chain risk-management efforts and the processes and controls they have in place to detect, prevent, and respond to supply chain risks.
  • Are we subject to auditing or regulatory requirements that need to be addressed? Does the fact that the organization or supply chain was affected trigger a mandatory report? Should a disclosure be made even absent an absolute requirement to do so?
  • Are we practicing defense-in-depth? The idea that a robust perimeter defense can secure networks in the modern threat landscape can no longer be held to be true. A compromise of a client or vendor can put your data and systems at risk even with a strong perimeter. Routine monitoring of network and user activity against what is ‘normal’ is critical to stop in-progress attacks and prevent further spread and damage.
  • How is our cyber security documentation? For clients that are subject to external audits of data, networks, or cyber security systems, being affected by an incident like this (whether directly or indirectly) will require not only mitigation, but careful documentation of that mitigation to satisfy the standards and criteria of those external auditors.
  • Do we need help from the outside? Getting an external examination of the system can go a long way toward proving that you were unaffected by a breach or that remediation has been completed. This can go a long way toward satisfying concerns of current or potential clients and business partners, even if not subject to formal auditing requirements.
  • When was the last time we evaluated our overall cyber security plan? A cyber security posture is not something that can be set and then forgotten. An ongoing process of re-evaluation and updates should be occurring, both on the technical side via patching and change management and on the management side via policy, training, and overall organizational posture.

The SolarWinds hack has highlighted the changing landscape of software providers in the supply chain, cyber security, and the vulnerabilities that can be present even if the breach occurs elsewhere in the organization’s supply chain. But the resulting changes can help us prevent or mitigate similar attacks in the future. With a little introspection and ongoing monitoring of the internal and external threat landscape, the organizational effects of the upheaval can be minimized, and clients and business partners can be properly assured that their data and communications are safe.

As always, if you need information or assistance with cyber security or auditing issues, please feel free to contact our RubinBrown Cyber Security team at any time.

Readers should not act upon information presented without individual professional consultation.

Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.