Few cybersecurity breaches have caused more consternation among industry experts than the far-reaching 2020 attack against SolarWinds. In fact, concern has built up throughout the cybersecurity community as new details come to light.
In an (ISC)2 survey of 303 cybersecurity professionals fielded from February 10-28, 2021, a solid majority of respondents (86%) said they would have rated the breach “very” or “extremely severe” when they first learned about it. However, roughly six weeks after the incident was reported, as more details emerged, the number of respondents who indicated that the breach was “severe” increased from 51% to 55%. On a scale from 1 to 5, the perception of the severity of the breach also increased over time, from an average of 4.34 initially up to 4.37.
This perception of increasing severity is atypical of most breaches. Headlines tend to fuel speculation in the immediate aftermath of a public disclosure, which is then tempered by remediation of the threat. In other words, severity spikes in the short term and decreases as more information becomes available.
As the chart below depicts, the SolarWinds incident bucked that trend in the eyes of cybersecurity professionals, who see it as a Pandora’s Box that affects a broad range of organizations and reaches deep within their infrastructure. As one respondent noted, “If you had a “catastrophic” rating [option], I would have picked it.”
“Initially the severity and impact was greatly downplayed,” noted another respondent. “The more I know, the less I want to. It was worse once the details emerged.”
What Happened?
SolarWinds reported to the Securities and Exchange Commission (SEC) that up to 18 ..
Support the originator by clicking the read the rest link below.
