Ian Thornton-Trump warned SolarWinds management of cybersecurity risks and laid out a plan to address them, according to Bloomberg. The former security adviser recommended to the company executives in 2017 to appoint a senior director of cybersecurity, and his calls were ignored.

  • Thornton-Trump viewed a major security lapses inevitable at SolarWinds, whose software was used in a suspected Russian hacking campaign.
  • Thornton-Trump said SolarWinds did not invest enough into building a cybersecurity culture at the top and the technical product level. 
  • A former SolarWinds employee said the company prioritized the development of new software products over internal cybersecurity defenses.
  • Cybersecurity researchers also discovered flaws in SolarWind’s security practices.
  • In the attack, hackers installed malicious code in updates to SolarWinds widely used Orion software, which was sent to as many as 18,000 customers.
  • Some analysts believe that no matter how robust SolarWinds systems were, sophisticated threat actors can still succeed if the cost justifies the effort.
  • SolarWinds said it is collaborating with law enforcement and will continue gathering relevant information to ensure the incident does not occur again. 
  • Since it was founded in 1999, SolarWinds and its partners have been awarded contracts with the U.S. government worth more than $230 million.

SolarWinds stock is currently gaining. SWI: NYSE is up 2.85% on premarket