Details of the 2020 SolarWinds attack continue to unfold, and it may be years before the final damages can be tallied.
While it is “hard to say” if the SolarWinds software supply-chain compromise will become known as the highest-impact cyber intrusion ever, it did catch “many people off guard” despite the security industry’s frequent warnings that supply chains pose substantial risks, according to Eric Parizo, principal analyst of security operations at Omdia, a global research firm.
The SolarWinds attack is unprecedented because of "its capability to cause significant physical consequences," says University of Richmond management professor Shital Thekdi, an expert on risk management and industrial and operations engineering. The attack "impacted critical infrastructure providers, potentially impacting energy and manufacturing capacities,” she said, and created an ongoing intrusion that “should be treated as a serious event with potential for great harm.”