Only more secure coding can protect the software supply chain


More than a year after the massive SolarWinds cyber-attack, targeted companies continue to feel its ramifications in reputation and financial cost. Moreover, the global software supply chain remains vulnerable to deep and severe attacks, whether they come again from Russia – now increasingly in the cybersecurity spotlight due to fears of retaliation for U.S. sanctions – or from any other party.

As long as the world continues to choose fast over secure, nothing is safe. No one knows how many potential backdoors the SolarWinds attack alone created, allowing the persistent presence of malicious actors on a seemingly infinite number of networks, or when the next attack will happen, with potentially more dire consequences. For example, six months after the discovery of the Log4j vulnerability and its patches, we know that networks and products worldwide still go unpatched and exploited in all sorts of companies, big and small.

