Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Cybersecurity Law & StrategyFeaturesCybersecurityTechnology Media and Telecom

How Should Directors Respond to the SolarWinds Attack

By Paul A. Ferrillo
May 01, 2021

It is no surprise that the SolarWinds cyberattack of December 2020 continues to be in the news on a daily basis. Why? First, it was likely a sophisticated nation-state attack. It likely affected upwards of 18,000 clients of SolarWinds. It definitely affected many United States Government agencies also. The attack was sneaky and continues to be very hard to find on affected networks. Most importantly, it happened in an area that many people had not previously considered a risk — a regular update on a critical vendor software package that many companies have installed, get regular updates on, and, when updates are issued, they just press the button to stay "install."

This article is not about "who did what wrong" or "what nation-state commenced this attack." There are enough of those articles around. What this article is really more about is, "if I am a Director, what should I be thinking about the SolarWinds attack?" Indeed as noted by former SEC Commissioner Luis Aguilar on cybersecurity:

Given the known risks posed by cyber-attacks, one would expect that corporate boards and senior management universally would be proactively taking steps to confront these cyber-risks. Yet, evidence suggests that there may be a gap that exists between the magnitude of the exposure presented by cyber-risks and the steps, or lack thereof, that many corporate boards have taken to address these risks. Some have noted that Boards are not spending enough time or devoting sufficient corporate resources to addressing cybersecurity issues. According to one survey, Boards were not undertaking key oversight activities related to cyber-risks, such as reviewing annual budgets for privacy and IT security programs, assigning roles and responsibilities for privacy and security, and receiving regular reports on breaches and IT risks. Even when Boards do pay attention to these risks, some have questioned the extent to which Boards rely too much on the very personnel who implement those measures. In light of these observations, Directors should be asking themselves what they can, and should, be doing to effectively oversee cyber-risk management. (Emphasis supplied).

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
How Secure Is the AI System Your Law Firm Is Using? Image

In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

COVID-19 and Lease Negotiations: Early Termination Provisions Image

During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.

Authentic Communications Today Increase Success for Value-Driven Clients Image

As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.