Experts laud SolarWinds post-attack efforts, but why’d it take a massive cyber incident to make changes?

This is a bit naive. It’s always been the case that perceived risk is what drives change, not whatever the ‘experts’ say…:

[…] “We know a lot more than we did a couple of weeks ago. There has been a lot going on from an investigation perspective, including the analysis of tools and from outside companies. The last thing we wanted to do is to put out information that we were not confident about, and I think every day our confidence increases that we are getting a better handle on what happened, and how to prevent it from happening in the future and to help customers prevent it in the future,” said a SolarWinds official, who requested anonymity in order to speak about the ongoing investigation. “When we began our remediation efforts and looked inside our operations, the third parties we brought in discovered the attack had nothing to do with SolarWinds. Our customers understand that this could’ve happened to them as easily as it happened to us. This was a unique and unprecedented incident.”

Experts say recreating that trust with their federal customers means having to go above and beyond with internal changes and taking responsibility for the attack.

“A lot of what they are doing is probably overkill. They are showing they are not just the basics, but changing everything and taking security into overdrive to re-establish that trust,” said Bryson Bort, a senior fellow for cybersecurity and emerging threats at R Street Institute, a think tank, in an interview.

The Cybersecurity and Infrastructure Security (CISA) Agency at the Department of Homeland Security said the attack affected 18,000 public and private sector customers of SolarWinds’ Orion product, including 10 federal agencies.


Original article