Exclusive: SolarWinds CEO calls for an end to ‘victim shaming’
Shaming the victims of cyberattacks is counterproductive, says SolarWinds CEO
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
SolarWinds CEO Sudhakar Ramakrishna has called for an end to cyberattack “victim shaming”, which he says contributes to an unwillingness among companies to share vital intelligence.
In an exclusive interview withTechRadar Pro, Ramakrishna spoke about the difficulties his company faced in the aftermath of the infamous hack, whichcame to light in December 2020.
A central tenet of the SolarWinds response strategy was transparent communication, but Ramakrishna says the inclination to scold cyberattack victims means many companies opt for a more secretive approach.
“There is still a lot of victim shaming that happens, so companies often end up fixing problems without saying anything about them. There is definitely hesitation to speak up,” he told us.
“The idea that an attack could happen to anyone has become more prevalent, but that does not absolve you of the fact that it happened to you. Every company will have a crisis or two, but what matters is how management reacts and how the firm collaborates with third-parties.”
SolarWinds attack
Until 2020, SolarWinds was an unknown quantity to many people outside the technology sector. However, the IT monitoring company found itself in a state of crisis when it emerged that cybercriminals had infiltrated its network and injectedmalwareinto a software update.
Thispatchwas delivered to many thousands of customers, including government agencies and Fortune 500 businesses, leading to the compromise of hundreds of additional networks and the theft of large quantities of sensitive data.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The supply chain attack has been described as one of the most significant attacks in history, as a result of its scope, sophistication and knock-on effects on thecybersecurityindustry.
Although SolarWinds has managed largely to right itself since the attack, with customer retention levels now returning to pre-attack levels, the incident had severe effects on the company’s bottom line. But there is evidence to suggest the right lessons have not been learned in the wider security community.
Google launches fuzzing tool to tackle SolarWinds-style attacks>Friend and foe: The little-known pact at the heart of cybersecurity>Log4j attacks are still a major threat, Microsoft warns
Since the SolarWinds attack, a number of similar high-profile cybersecurity events have taken place; there was theKaseyaattack,Log4jand the recentOkta-Lapsus$ incident.
Asked why supply chain attacks continue to occur, Ramakrishna told us that the nature of the security industry hands an advantage to the attacker.
“This is not just a technology issue, there’s a lot more to it,” he said. “Each one of us is defending against an attacker. But on one side is a coordinated army with a singular purpose, to attack, and on the other is a set of fragmented soldiers.”
“In the event of an incident, it’s important to leverage help from the community. We need to make people aware of issues faster; that mindset needs to establish itself in software security.”
A write-up of TechRadar Pro’s full conversation with Ramakrishna will be published in the coming weeks.
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
Red One isn’t perfect but it proves we need more action-packed Christmas movies
