In late 2020, reports of the massive cyberattack on SolarWinds in the U.S. were to some degree obscured by the swirl of presidential-election and COVID-19 coverage. But the wide-ranging case of digital espionage deserves far more attention.
On the latest episode of Fortune Brainstorm, a podcast about how technology is changing our lives, hosts Michal Lev-Ram and Brian O’Keefe discuss the cyberattack with writers David Z. Morris and Robert Hackett. The duo recently completed a major feature on the cyberattack for the magazine. The piece lays out everything you need to know about the SolarWinds hack, including what took place, how it happened, and what’s at stake.
But no need to hide in an off-the-grid bunker quite yet. Morris says that though the U.S. “has room to improve its cybersecurity practices, we are still well ahead of most of the world. This is an emerging field in general, and everybody is still figuring it out.”
Also on the episode is Dmitri Alperovitch, executive chair of the Silverado Policy Accelerator think tank, and cofounder and former CTO of CrowdStrike. Alperovitch discusses the many ways somebody can perpetrate a cyberattack. For example, hackers can look at the software and other vendors a company uses and access the network through one of those channels. The most surprising thing about the SolarWinds attack is the scale of it, he says, and he estimates that it’s going to take “months, potentially even years to get to all the different networks that these guys have infiltrated.”
Rounding out the discussion is Suzanne Spaulding, a senior adviser for cybersecurity at the Center for Strategic and International Studies. Spaulding says one of the biggest problems for companies is that “CEOs and boards can quickly become intimidated or bored with the technical aspects of cyber. And so they cede the whole risk management [problem] to their technical folks.” It’s time, Spaulding says, to stop doing that.