SolarWinds expenses due to cyber attack amounted to $3.5 million
SolarWinds’ expenses from the cyber attack on its supply chain amounted to $3.5 million, including incident investigation and remediation costs. It will take the US government a year to 18 months to fully recover from the SolarWinds hack.
SolarWinds noted additional expenditures after paying for legal, consulting and other professional services related to the December hack. However, according to company representatives, even higher costs are expected in the future.
“We expect an increase in expenses on insurance, finance, compliance with regulatory requirements, as well as compliance with tightening legal and regulatory requirements,” the company explained.
The overall loss from the supply chain attack is likely to be mitigated by SolarWinds’ $15 million cybersecurity coverage, which is expected to cover a significant share of the additional breach and response costs.
The software maker also said that the company is currently the subject of numerous lawsuits, investigations and inquiries. This applies to “local and foreign law enforcement agencies and other government departments, including the Department of Justice, the Securities and Exchange Commission, and state attorneys general.”
Let me also remind you that about 30% of SolarWinds attack victims were not SolarWinds customers.
SolarWinds is also being investigated for possible violations of the EU General Data Protection Regulation (GDPR) and various other data protection and privacy provisions. The company and its current and former executives are also facing a series of class action lawsuits for violations of federal securities laws.
Acting Director of the Department of Homeland Security’s Cyber and Infrastructure Security Agency (DHS CISA) Brandon Wales told MIT Technology Review that only in 2022 will authorities be able to fully protect government networks affected by hacker attacks on the supply chain.
“I wouldn’t call this simple. There are two phases for response to this incident. There is the short-term remediation effort, where we look to remove the adversary from the network, shutting down accounts they control, and shutting down entry points the adversary used to access networks. But given the amount of time they were inside these networks—months—strategic recovery will take time,” Brandon Wales says.
According to the head of the agency, it will take the US government from a year to 18 months to fully recover from the SolarWinds hack. Even a complete understanding of the extent of the damage will take months.