Ian Thornton-Trump warned SolarWinds management of cybersecurity risks and laid out a plan to address them, according to Bloomberg. The former security adviser recommended to the company executives in 2017 to appoint a senior director of cybersecurity, and his calls were ignored.
- Thornton-Trump viewed a major security lapses inevitable at SolarWinds, whose software was used in a suspected Russian hacking campaign.
- Thornton-Trump said SolarWinds did not invest enough into building a cybersecurity culture at the top and the technical product level.
- A former SolarWinds employee said the company prioritized the development of new software products over internal cybersecurity defenses.
- Cybersecurity researchers also discovered flaws in SolarWind’s security practices.
- In the attack, hackers installed malicious code in updates to SolarWinds widely used Orion software, which was sent to as many as 18,000 customers.
- Some analysts believe that no matter how robust SolarWinds systems were, sophisticated threat actors can still succeed if the cost justifies the effort.
- SolarWinds said it is collaborating with law enforcement and will continue gathering relevant information to ensure the incident does not occur again.
- Since it was founded in 1999, SolarWinds and its partners have been awarded contracts with the U.S. government worth more than $230 million.
SolarWinds stock is currently gaining. SWI: NYSE is up 2.85% on premarket
XTB
