[BreachExchange] Exclusive: SolarWinds CEO calls for an end to 'victim shaming'

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Mar 31 09:37:09 EDT 2022


https://www.techradar.com/au/news/exclusive-solarwinds-ceo-calls-for-an-end-to-victim-shaming

SolarWinds CEO Sudhakar Ramakrishna has called for an end to cyberattack
“victim shaming”, which he says contributes to an unwillingness among
companies to share vital intelligence.

In an exclusive interview with TechRadar Pro, Ramakrishna spoke about the
difficulties his company faced in the aftermath of the infamous hack, which
came to light in December 2020.

A central tenet of the SolarWinds response strategy was transparent
communication, but Ramakrishna says the inclination to scold cyberattack
victims means many companies opt for a more secretive approach.

“There is still a lot of victim shaming that happens. Therefore, companies
are better off understanding an issue, fixing it and not saying anything
about it. There is definitely hesitation to speak up,” he told us.

“The idea that an attack could happen to anyone has become more prevalent,
but that does not absolve you of the fact that it happened to you. Every
company will have a crisis or two, but what matters is how management
reacts and how the firm collaborates with third parties.”

SolarWinds attack

Until 2020, SolarWinds was an unknown quantity to many people outside the
technology sector. However, the IT monitoring company found itself in a
state of crisis when it emerged that cybercriminals had infiltrated its
network and injected malware into a software update.

This patch was delivered to many thousands of customers, including
government agencies and Fortune 500 businesses, leading to the compromise
of hundreds of additional networks and the theft of large quantities of
sensitive data.

The supply chain attack has been described as one of the most significant
attacks in history, as a result of its scope, sophistication and knock-on
effects on the cybersecurity industry.

Although SolarWinds has managed largely to right itself since the attack,
with customer retention levels now returning to pre-attack levels, the
incident had severe effects on the company’s bottom line. However, there is
evidence to suggest the right lessons have not been learned.

Since the SolarWinds attack, a number of similar high-profile cybersecurity
events have taken place; there was the Kaseya attack, Log4j and the recent
Okta-Lapsus$ incident.

Asked why supply chain attacks continue to occur, Ramakrishna told us that
the nature of the security industry hands an advantage to the attacker.

“This is not just a technology issue, there’s a lot more to it,” he said.
“Each one of us is defending against an attacker. But on one side is a
coordinated army with a singular purpose, to attack, and on the other is a
set of fragmented soldiers.”

“In the event of an incident, it’s important to leverage help from the
community. We need to make people aware of issues faster; that mindset
needs to establish itself in software security.”