SolarWinds: What Happened, And How Can We Stop It In The Future?

“solarwind123”

In 2020, the SolarWinds hack showed how the software supply chain can be compromised. Intruders were able to insert a backdoor into the company's software and digitally sign the updates, so that they were trusted. SolarWinds now faces the potential of legal action from US regulators. On 23 June 2023, the US Securities and Exchange Commission (SEC) stated that the company broke federal securities laws in its public statements and in the internal controls used in the company.

The SEC notice states that the SolarWinds software was used to access the unclassified email networks of the Department of Justice, the Department of Homeland Security, and other agencies. It should be noted that this is not an implication of breaking the law, nor is it a formal charge. Basically, the SEC process allows an understanding of where the faults lie, and allows fines to be imposed on the company if it was at fault. This, it would be hoped, would provide future motivation for companies to improve their cybersecurity.

Several have highlighted the potential for weak practices at SolarWinds, including the CEO blaming an intern for setting a default password of “solarwind123” [here]:


SolarWinds' share price dipped on Friday after the news, and generally, the valuation of the company has more than halved since the hack.

Conclusions

Companies must continually improve their cybersecurity, and not wait for fines to hit them. CEOs need to be switched on. If you are still struggling to buy that new firewall, then tell them that SolarWinds has lost half its value, and that may help. There’s a carrot and a stick here, and it is the carrot that should always win.