Estimated reading time: 1 minute, 56 seconds

What the Cybersecurity Industry Can Learn from SolarWinds Hack

As 2020 wound to a close, cybersecurity company FireEye was the first to report a data breach that, it later emerged, also hit multiple U.S. agencies, large companies and other organizations.

SolarwindsWhile the full scope of the hack could take months to determine, the biggest successful attack so far involved third-party software provider SolarWinds, and companies that resell Microsoft’s cloud services may also have been breached. Early assessments indicated the intrusions were the work of Russia’s SVR, the spying agency that took over from the Soviet-era KGB.

The seriousness of the attack and the wide range of victims has led to deep self-examination among cybersecurity professionals. “The main implication for me is to underline the weakness of much of the West’s cyber defences and in that respect it’s a bit discouraging, morale-sapping, it’s frankly a bit embarrassing," Ciaran Martin, who resigned in 2020 as chief of the UK’s National Cyber Security Centre, told The Financial Times.

Some cybersecurity experts said the hack shows that most Western institutions simply don’t have strong enough cyber defenses, particularly when it comes to securing supply chains. Martin said that “if this doesn’t prompt us to [fix the supply chain problem], I don’t know what will.” Many experts, including Google CEO Sundar Pichai, called for international agreements as a way of preventing global cyber attacks.

Robert Hannigan, European chairman of cybersecurity firm BlueVoyant, writes in an op-ed for The Financial Times that Joe Biden’s incoming administration can help by making cybersecurity “a much higher priority.” That would include implementing the recommendations of the Solarium Commission, such as introducing some liability for shoddy security engineering.

Bruce Schneier, CTO of IBM Resilient, argues in a Guardian op-ed that U.S. institutions ought to turn toward a “defense-dominant” approach, noting that U.S. agencies conduct cyber espionage in their own right. “We need to dampen this offensive arms race rather than exacerbate it, and work towards cyber peace,” Schneier writes.

Cybersecurity experts told Compliance Week that the hacking also underscores the need for private and publicly organizations to share information about cyber threats. “Perhaps greater visibility into what companies actually do to maintain security might be something that we insist on after this kind of event," said Dan Petro, lead researcher at cybersecurity consultancy Bishop Fox.  

Read 1858 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.