
CIOs in Hot Seat: SolarWinds Sued by Investors for Supply Chain Attack

November 12, 2021 | Brooke Crothers

Investors are seeking damages with the aim of reforming the company's policies on cybersecurity oversight. The SolarWinds attack is a wake-up call for CIOs, showing how critical it is that companies create and maintain effective code review and code signing processes.

SolarWinds lawsuit claims company officials failed to monitor cybersecurity risk

SolarWinds investors have sued the company's directors, claiming that SolarWinds knew about and failed to monitor cybersecurity risks ahead of a breach, according to Reuters.

The lawsuit names current and former directors as defendants, according to the report. Beginning in September 2019, a campaign of cyberattacks, now attributed to the Russian Foreign Intelligence Service, breached SolarWinds — a Texas-based network management software company. The threat actor injected malicious code into a file that was later included in SolarWinds’ Orion software updates, which were released to approximately 18,000 customers. The threat actor then targeted “a subset of high-value customers,” including the federal government.

CIOs, CISOs in the hot seat for cybersecurity responsibility

This puts CIOs and CISOs in the hot seat, as the burden of cybersecurity falls squarely on their shoulders. Eddie Glenn, Senior Manager Product Marketing at Venafi, warned about a risk that many CISOs and CIOs "may not be thinking about but should be…Hint: the hidden villain is insecure code signing."

“A typical Global 5000 company likely has thousands, or tens of thousands of software developers spread around the globe…To use code signing, all of these teams need access to private code signing keys. And when that happens, the keys often get stored on developers’ laptops, build servers, or web update servers and thus become vulnerable to theft or misuse,” Glenn wrote in April of 2020.

Was code signing really to blame?

While the exact way the build environment was compromised has not been fully disclosed, the attack could plausibly have been caught had artifacts been signed and verified at every stage of the development pipeline, not only at release. The trojanized Orion updates carried SolarWinds' own valid code-signing signature, because the malicious code was inserted before the final signing step; a signature on the finished binary therefore vouched for the backdoor rather than exposing it. Signing source inputs and intermediate build outputs, and having each stage verify the previous stage's signature before it proceeds, is what turns code signing into a control against build tampering. Keeping those signatures, and the private keys behind them, under control is extremely difficult for even the most competent team to manage manually. This is why automation is the best way to secure every aspect of your network's machine identities, from code signing to SSH and TLS certificate management.
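To make the "sign and verify at every stage" idea concrete, here is an added example, written for this page and not Venafi's code, CodeSign Protect, or anything from SolarWinds' pipeline. It models a two-stage pipeline with Go's standard-library Ed25519: a developer signs the source, the build host refuses to compile source whose signature does not verify, the build stage signs its output, and the release stage refuses to ship a binary whose attestation does not verify. The stage names, the SigningService type, and the "compile" step are all hypothetical stand-ins; the keys are generated in-process only so the example runs offline, whereas in a real pipeline they would sit in an HSM or a central signing service, never on a laptop or build server (the risk Glenn describes above).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Pipeline stage names (hypothetical; not any real vendor's pipeline).
const (
	StageSource = "source"
	StageBuild  = "build"
)

// Attestation says "stage X produced an artifact with this digest", signed by stage X's key.
type Attestation struct {
	Stage     string
	Digest    [32]byte
	Signature []byte
}

// SigningService holds one stage's private key. In production the key stays in an HSM
// or signing service and callers submit digests; it is in-process here only to run offline.
type SigningService struct {
	stage string
	priv  ed25519.PrivateKey
	Pub   ed25519.PublicKey
}

func NewSigningService(stage string) *SigningService {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // rand.Reader failing means the host is unusable for signing
	}
	return &SigningService{stage: stage, priv: priv, Pub: pub}
}

// signedMessage binds the stage name to the digest so a source-stage signature
// cannot be relabelled and replayed as a build-stage attestation.
func signedMessage(stage string, digest [32]byte) []byte {
	return append([]byte(stage+":"), digest[:]...)
}

// Sign hashes the artifact and signs (stage, digest); the artifact itself is not signed.
func (s *SigningService) Sign(artifact []byte) Attestation {
	d := sha256.Sum256(artifact)
	return Attestation{Stage: s.stage, Digest: d, Signature: ed25519.Sign(s.priv, signedMessage(s.stage, d))}
}

// Verify is what the consuming stage runs before touching the artifact:
// expected stage, digest matches the bytes in hand, signature checks under that stage's key.
func Verify(pub ed25519.PublicKey, wantStage string, artifact []byte, a Attestation) error {
	if a.Stage != wantStage {
		return fmt.Errorf("attestation is for stage %q, want %q", a.Stage, wantStage)
	}
	if sha256.Sum256(artifact) != a.Digest {
		return errors.New("artifact digest does not match attestation")
	}
	if !ed25519.Verify(pub, signedMessage(a.Stage, a.Digest), a.Signature) {
		return errors.New("attestation signature is invalid")
	}
	return nil
}

// RunPipeline simulates source -> build -> release with a verification at each hand-off.
// tamperSource / tamperBinary, if non-nil, alter the artifact on the receiving host after it
// was signed, modelling code injected on a build or update server.
func RunPipeline(tamperSource, tamperBinary func([]byte) []byte) error {
	src := NewSigningService(StageSource)
	bld := NewSigningService(StageBuild)

	source := []byte("package orion\nfunc Run() {}\n") // constructed sample source
	srcAtt := src.Sign(source)                          // developer signs the commit

	if tamperSource != nil { // injection on the build host, before compilation
		source = tamperSource(source)
	}
	if err := Verify(src.Pub, StageSource, source, srcAtt); err != nil {
		return fmt.Errorf("build stage refused input: %w", err)
	}
	binary := append([]byte("compiled:"), source...) // stand-in for a real compile
	bldAtt := bld.Sign(binary)                        // build service signs its output

	if tamperBinary != nil { // injection on the update server, after the build signed
		binary = tamperBinary(binary)
	}
	if err := Verify(bld.Pub, StageBuild, binary, bldAtt); err != nil {
		return fmt.Errorf("release stage refused binary: %w", err)
	}
	return nil
}

func main() {
	inject := func(b []byte) []byte { return append(b, []byte("// injected\n")...) }
	fmt.Println("clean pipeline:  ", RunPipeline(nil, nil))
	fmt.Println("tampered source: ", RunPipeline(inject, nil))
	fmt.Println("tampered binary: ", RunPipeline(nil, inject))
}
```

The design point is that each stage verifies before it acts and signs only what it produced, so a swap on the build host fails the source check and a swap on the update server fails the build check; contrast that with signing only the final binary, where the release signature would cover whatever the build host emitted. Binding the stage name into the signed message is a small detail that prevents an attestation from one stage being presented as another's.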

Venafi CodeSign Protect offers quick and secure enterprise-grade code signing that your developers will feel confident relying on. Secure your private keys from threat actors, gain full visibility into all code signing activity on your network, and improve efficiency and policy enforcement across the board with automation.

