Legendary security technologist, Bruce Schneier, recently wrote an article in The Guardian summarizing the impact of the SolarWinds security breach last month, and it’s probably a lot worse than people think. (The breach that is, the article was great!). If you don’t know the gory details of the attack, our CTO, Bryan Skene, covered it nicely here. Schneier was also quoted in an earlier analysis of the hack by noting how extensive the breach was throughout many of our nation’s most sensitive military and industrial networks, and, in fact, the extent of the compromise in each network, or how many networks, may not be known for years.
The compromise of ubiquitous network management software from SolarWinds announced today is the most recent reminder of how vulnerable existing networks still can be even with layers of security tools and policies in place that have built up over the last several decades. History may show that this was the most extensive and impactful cybersecurity attack ever when the vulnerability allowed complete compromise of the network traffic and hosts for more than 425 of the US Fortune 500, all ten of the top US telecommunications companies, all branches of the military, the top five US accounting companies and hundreds of universities and colleges.