SolarWinds IT Management System Hacked.  Why IT matters.

Scott Silva, Tech Risk Leader, Marsh & McLennan Agency

Beginning in early 2020, major US info tech firm, SolarWinds, was the subject of a massive cyber-attack.  Potentially one of the largest in computing history.  Hackers infiltrated their systems, injecting malicious code into their popular software system, Orion.  Orion is widely used by companies to manage IT resources.  According to SEC documents, there are over 33,000 active Orion customers.

As early as March 2020, the tech giant unwittingly sent out software updates including malicious code.  The code generated a ‘backdoor’ to companies’ information and technology systems. Hackers then continued to install even more malware, helping them spy on thousands of companies and organizations.  SolarWinds admitted to the SEC that at least 18,000 of its customers installed updates that rendered them vulnerable to bad actors.

The attack was done so stealthily and went undetected for so many months that security experts believe victims may never know if they were hacked or not.  SolarWinds has many high-profile clients, including multiple US government agencies and Fortune 500 firms.  The implications could be enormous.

Who did you say?

  • US Agencies – the likes of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Administration, and the Treasury were infiltrated.
  • US Companies – also breached were behemoths like Microsoft, Cisco, Intel, and Deloitte. Even some other organizations like The Gates Foundation, Harvard, and San Francisco’s International Airport fell victim to Orion related attacks.

Why does this matter?

It comes at a time when the United States is particularly vulnerable, during a global pandemic, when our IT infrastructure is most critical.  Multiple networks have been penetrated, making it very difficult and expensive to ensure networks are safe.  The office of Homeland Security has posited that it may take years before many networks are secure again.

The SolarWinds hack reminds us, not for the first time, of the inevitability of becoming a victim of a cyberattack, regardless of how well secured an organization might.  Increased investment and focus on cyber resiliency will be critical for the industry going forward.  Organizations should select an insurance partner that will be an active partner in cyber resiliency.  Policies should contain coverage for both first-party and third-party liability, including dedicated limits for ransomware.  More now than ever, risk engineering and loss control are highly leverageable in the cyber arena.

The US Cyber Command was admitted blindsided by the attack.  In fact, it was data security company, FireEye, who first discovered the breach second-hand.  With this going down as one of the most extensive data breaches in history, we are likely to see accelerated changes in the IT management space.  Already we have seen a spirited push from IT professionals.  There is a renewed sense of vigilance and proactivity, which could just be the positive push needed to spur growth in the technology industry in 2021.