Microsoft President Brad Smith said Wednesday that SolarWinds’ massive cyberattack was a wake-up call for cybersecurity, but it appears to have been heeded by both the U.S. government and the technology and business world in recent months.
Smith called the attack on the IT software vendor a “galvanizing moment,” because it brought to light the complexity of the Russian government’s cyber espionage groups and the associated networking of the software supply chain.
The attack on SolarWinds, which according to U.S. intelligence reports was probably launched from Russia, affected the systems of the IT software provider SolarWinds and installed malware in an update of the company’s popular Orion products.
Thousands of SolarWinds customers installed the faulty update, allowing hackers to infiltrate their systems.
Federal authorities, major technology companies and hospitals were among the targets of the attackers. The Russian government has denied any involvement.
In addition, there has been an “extraordinary surge” in disinformation emanating from the same foreign governments involved in ransomware attacks and nation-state cyberattacks, he said.
Smith says part of the solution is for both government and businesses to invest more in cybersecurity, including hiring more workers to fill the hundreds of thousands of unfilled cybersecurity jobs in the U.S.
He said that many ransomware attacks can be prevented or significantly mitigated if basic cybersecurity practices such as patching software and holding systems are carried out. But, this is difficult to do if companies lack the cybersecurity workers they need.