SEC Action Against SolarWinds Changes Everything

This Is Historic: Your Internal Emails Will Be Used Against You

On Oct 30 2023 the SEC filed a compliant against SolarWinds based on the public statements it had made on its cybersecurity.  The SEC compliant compared public statements made by SolarWinds against internal emails on topics ranging from NIST standards to their Software Development Processes. More importantly, core to the SEC's compliant is based on the discrepancy between statements and actions.

A quick read of the SEC compliant shows that while a few of SolarWinds internal emails may be considered factually incorrect the bulk of the statements are the kind all companies make about their cybersecurity operations all day. Irrespective of the outcome of this case, discussing cyber vulnerabilities and not doing anything is now grounds for legal action.

New Reality: Compliance Will Not Save You, Only Countermeasures!

In the case of SolarWinds, hackers were able to access and alter source code, leading to data exfiltration attacks on their customers.  While the initial analysis pointed to a weak server password, a deeper investigation pointed to a state-sponsored attacker. Irrespective, there should have been stronger countermeasures to protect source code as the entire enterprise value of SolarWinds is their software.

The reality is that state sponsored cyber attacks represent the largest risk vector for Western corporations which are far more lethal than compliance standards.  Subsequently, SolarWinds become a force multiplier for Russian affiliated attackers by enabling the breach of thousands of companies.

Need Help Protecting Your Data: Call XQ

XQ has developed a transparent encryption scheme that generates a new key for every data objective, whether as small as an email, attachment or as large as a data lake, and then enforces strict policy-based key access. More importantly, it monitors all authorized data access requests to spot anomalies such as geo-location (SolarWinds was hit from Eastern Europe).

XQ can be used not only to protect your data but also the workflow around it. Thus, developers can utilize XQ to discuss software changes while also using the same solution as a countermeasure against data exfiltration. Similarly, manufacturing companies can utilize XQ to discuss new product concepts while also protecting the shop floor.

Call XQ for a no-obligation briefing to learn more about protecting your data from state-sponsored cyberattacks.