This article is not about "who did what wrong" or "what nation-state commenced this attack." It's really more about is, "if I am a Director, what should I be thinking about the SolarWinds attack?"
It is no surprise that the SolarWinds cyberattack of December 2020 continues to be in the news on a daily basis. Why? First, it was likely a sophisticated nation-state attack. It likely affected upwards of 30,000 clients of Solarwinds. It definitely affected many United States Government agencies also. The attack was sneaky and continues to be very hard to find on affected networks. Most importantly, it happened in an area that many people had not previously considered a risk — a regular update on a critical vendor software package that many companies have installed, get regular updates on, and, when updates are issued, they just press the button to stay "install."
Originally published by Cybersecurity Law & Strategy
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.