What Can We Learn From the SolarWinds Hack? - Ascent Conference

What Can We Learn From the SolarWinds Hack?

Cybersecurity SolarWinds Cyberattack 2020

The year 2020 ended on yet another element of unwanted drama. On December 8, 2020, reports began to emerge regarding what has become known as the SolarWinds hack. As is true in most cyberattacks, the hack didn’t begin in December. It was part of a series of attacks that went on for the two previous years against the network monitoring software firm known as SolarWinds Orion.

Suspected to have been perpetrated by Russian cybercriminals, the cybersecurity firm called FireEye first disclosed the hack, referring to the situation as a “highly sophisticated state-sponsored attack,” reported Jaclyn Jaeger of Compliance Week in December.

Now considered one of the most massive data breaches of U.S. cybersecurity in recent history, we can learn a lot from the SolarWinds hack. The breach affected government agencies, Fortune 500 businesses, and leading security firms.

Here are three critical lessons the SolarWinds Orion breach incident provided the cybersecurity industry, offering insights to businesses’ senior leaders everywhere.

1. Hackers Never Stop Adapting to New Cybersecurity Strategies

Cybersecurity professionals already know that hackers never take a vacation. Online criminals never stop searching for new ways to create havoc in systems businesses of all kinds and sizes. Cybercrime remains today’s primary threat to the global trade industry, ahead of climate and acts of terrorism. 

Online health and security have become such a vital concern that it is no longer primarily an IT issue; it is also a regulatory and legal matter with the potential to cause reputational and existential concerns among the public at large regarding a business. 

On February 15, 2021, Global Banking and Finance shared the Microsoft president’s confirmation that “more than 1,000 hackers were involved in the SolarWinds hack the world has ever seen” and claims that the cyber offenses against the U.S. continue now and are likely to continue for some time. 

This all means that IT leaders need to stay on alert as the SolarWinds cybercriminals and countless others like them continue to ply their malicious trade.

2. Every Computer System is Vulnerable to Attacks

If government agencies and high-powered organizations are vulnerable to attacks, everyone is vulnerable. No matter where a business lies in the spectrum, they can experience a hack or some type of cybercrime. Forbes points out a stark reality that anything connected to the internet could suffer an attack. 

Organizations must invest in a dedicated and resilient cybersecurity program to ensure protection, notification, remediation, and recovery. Whether working with a software-as-a-service (SaaS) platform, cloud services, or building their own cybersecurity plan, companies need to prepare and defend their systems.

3. Many Businesses and Agencies Missed the First Warning and Lost Valuable Time

Microsoft and federal agencies like the State Department, the Department of Treasury, and the National Security Agency (NSA) missed the early phases of the SolarWinds hack. If they can miss the signs of a cyberattack, all companies can. It’s no surprise that smaller companies missed it as well. SolarWinds revealed that there is a lack of communication and even community among various agencies that, if remedied, might create a protective reporting network. What can these businesses and governmental bodies do to prepare for the next intrusion?

Apply to attend our exclusive Cybersecurity Spotlight happening on APRIL 7TH, 2021. Featuring Keynotes from the VP, Chief Security & Risk Officer, Azure Microsoft, Chief Information Security Officer Allegiant Airlines, and more!

Privacy Notice

This privacy notice discloses the privacy practices for (www.ascentconf.com). This privacy notice applies solely to information collected by this website. It will notify you of the following:

  • What personally identifiable information is collected from you through the website, how it is used and with whom it may be shared.
  • What choices are available to you regarding the use of your data.
  • The security procedures in place to protect the misuse of your information.
  • How you can correct any inaccuracies in the information.

Information Collection, Use, and Sharing

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:

  • See what data we have about you, if any.
  • Change/correct any data we have about you.
  • Have us delete any data we have about you.
  • Express any concern you have about our use of your data.


We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the Web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at 202-256-9707 or [email protected].