Breaking Analysis: How the SolarWinds Hack & COVID are Changing CISO Spending Patterns

Breaking Analysis: How the SolarWinds Hack & COVID are Changing CISO Spending Patterns

Top security pros say that the SolarWinds hack and the pandemic have accelerated a change in their cyber security spending patterns. Not only must CISOs secure an increasingly distributed workforce, but they now must also be wary of software code coming from reputable vendors, including the very patches designed to protect them against cyber attacks. Organizations are increasingly prioritizing zero trust approaches including simplified identity access management, better endpoint protection and cloud security. While leading solutions in these sectors are gaining momentum, traditional legacy offerings are being managed down from a spending perspective. 


In this Breaking Analysis, we’ll summarize CISO sentiments from a recent ETR VENN session and provide our quarterly update of the cybersecurity sector. In an upcoming episode we’ll be inviting Erik Bradley of ETR to provide deeper analysis on these trends. Here we’ll give you a first look and initial of what’s happening in the information security sector as we kick off 2021. 


The SolarWinds Attack was “Like Nothing We’ve Ever Seen”


It’s been covered in the press but in case you don’t know the details, SolarWinds is a company that provides software to monitor many aspects of on-prem infrastructure, including network performance, log files, configuration data, storage, servers, etc. Like all software companies, SolarWinds sends out regular updates and patches. Hackers were able to infiltrate the update and “trojanize” the software. Meaning when customers installed the updates, the malware just went along for the ride. 



The reason this is so insidious is that often hackers will target installations that haven’t installed patches or updates and identify vulnerabilities in the infrastructure that exist as a result. In this c ..