Stopping the Next SolarWinds Requires Doing Something Different
Will the SolarWinds breach finally prompt the right legislative and regulatory actions on a broader, more effective scale?
The SolarWinds breach is not the first major supply chain breach, but previous similar breaches failed to prompt effective regulatory action. Both governments and businesses remain focused on things like cyber hygiene and information sharing, which, while critical, are not enough to stop the next major breach. The SolarWinds breach came in via a trusted vendor, which means even the most diligent cyber hygiene and immediate patching would not have helped. Likewise, information sharing is important, but it took nine months to detect the SolarWinds attack, so by the time there was information to share, it was too late.