CA Regulators' Bite: Equal to Their Bark?
Hello all, and happy Thursday!
February 9, 2021
While the SolarWinds hack has been public for some time, its repercussions continue to reverberate. The hackers, allegedly working on Russia’s behalf, broke into the IT-management firm’s system and added malicious code into a system called “Orion,” which thousands of companies and U.S. government agencies use to manage IT.
It’s estimated that some 33,000 SolarWinds customers could be impacted after the hackers installed malware into various systems to “spy on companies and information,” Business Insider reported.
Security experts are calling the hack the worst breach in U.S. history, noting it will take millions of dollars and a long time — years — for impacted agencies and organizations to fortify their systems again.
The long recovery ahead is obvious to companies that use SolarWinds directly. The additional nightmare here is that it gets trickier to detect if someone in your supply chain uses SolarWinds.
In general, vendors don’t include a list of their sub-processors in contracting with clients. While asking for such a list before signing is becoming more commonplace, it isn’t generally part of the transaction. Are your sub-processors using SolarWinds? You should find out.
The hack is a super unfortunate reminder for all organizations to be cautious when choosing vendors and vigilant about whom they choose to work with.
Enjoy reading, and see you next week!
The Osano staff is a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. Occasionally, the team writes under the pen name of our mascot, “Penny, the Privacy Pro.”