With a global pandemic, a contentious election and economic shocks, 2020 was a year of endless crises.
And we weren’t even yet aware of one of them.
While the world was locking down last spring, hackers were quietly infiltrating the systems of Fortune 500 companies, government agencies and branches of the United States military. Using software from SolarWinds as a means of access, they went undetected until December 2020, when their discovery triggered an international response.
At Boardroom Insiders, our mission is to track what’s top of mind with C-suite executives and keep up with their organizations’ shifting priorities. While the SolarWinds hack has been underreported, it’s a big concern in C-suites and boardrooms around the world. Here’s what you need to know:
We still don’t know how far it goes
Since the hack first came to light in mid-December, the investigation has ranged far and wide with new developments surfacing on a near-daily basis. While Russian hackers were originally thought to be behind the hack, recent reports suggest China was also involved.
The extent of the hack is almost impossible to fathom. Before the hack, SolarWinds had emerged as a key software supply chain player, and almost all Fortune 500 companies used SolarWinds technology for network monitoring. Major federal agencies such as the Department of Defense and the Department of the Treasury also used SolarWinds tools.
Exposure was huge at a micro level, as well. The hack began as early as September 2019, and affected software updates were distributed to almost 18,000 customers between March and June 2020, right when the pandemic took center stage.
Although the pandemic was frequently discussed on earnings calls in 2020, the SolarWinds hack has been more of an elephant in the room, per our research. Make no mistake: The scale of this hack has many executives and technology leaders doing damage control behind the scenes, and that will continue indefinitely. But executives likely want to avoid talking about it, and analysts are not asking a lot of questions--yet.
Fixing this will be difficult
The SolarWinds hack exposed security flaws in many cybersecurity layers, and addressing the fallout will come with a hefty price tag, potentially as high as $100 billion. The Biden administration has also stepped in with a $9 billion proposal to address the fallout.
At a nuts-and-bolts level, the SolarWinds hack has also spotlighted a need for more trustless systems and decentralization, an even broader trend that includes social media and blockchain technologies. Basically, the idea is to distribute assets to reduce overall third-party vulnerability. With this approach, the attack surface is seemingly everywhere and nowhere at the same time.
Integrated tools such as cloud computing and APIs have brought systems closer together and made them heavily dependent on one another, a development that is hard to reverse.
Get ready for a boom
Even before the SolarWinds hack, cybersecurity professionals were in demand. In fact, the number of information security analysts is expected to grow 31% over the next decade, according to the U.S. Bureau of Labor. But for some, that growth has not been fast enough. Many have decried an overall talent shortage in the cybersecurity field, a problem targeted in the Biden proposal. Today, we’re seeing the impact of the talent gap. In addition to recruiting bright minds, look for companies to prioritize CIOs, CISOs, data privacy officers and CTOs in their talent acquisition to lead major security audits and overhauls.
What vendors need to know
The good news for vendors is that this historic hack has likely loosened the purse strings for cybersecurity spending. These budgets were already expected to be steep in 2021, but we can expect them to climb more, as high-profile hacks have historically resulted in “blank check” cybersecurity mandates.
The bad news is that vendors will be under intense scrutiny as boards and C-suites will certainly want to put them through their paces; the spotlight is on the solution providers. For those able to gain the confidence of C-suites and boardrooms and solve their problems, the opportunity could lead to bigger enterprise deals that supercharge revenue and growth.
What they’re saying
“We continue to learn about new victims almost every day… it’s just hard for organizations to really understand what the scope and impact of the intrusions are. But I can assure you there are a lot of victims beyond what has been made public to date.” – Charles Carmakal, FireEye CTO
“[The] Target breach shook things up. That's the first time when C-level, even the CIO got fired. Here, every customer is shaken up. I have reached and I talked to many customers. We have about 6-plus dozen meetings lined up with CISOs of some of the largest companies who want to talk to us to make sure they have taken all the right precautions and steps in place.” – Jay Chaudhry, Zscaler CEO [January 2021, Analyst Day]
“We are talking to a lot of our clients about the remediation from SolarWinds. And so we see a lot of opportunity in that space, and we’re pursuing that opportunity very aggressively.” – Horacio Rozanski, Booz Allen CEO, January 2021
“The supply chain is the soft underbelly of almost every organization on the planet and this evolving threat has crystallized the need for supply chain continuous monitoring. Organizations, now more than ever, need to know who they are connected to and how. When a breach of a trusted authority occurs, they need to be able to understand, in an instant, if they or any of their supply chain partners are exposed to the breached entity’s technology.” – Jennifer Bisceglie, Interos CEO [December 2020, blog]
Your Next Steps
We all need to be aware of how executive priorities are changing. Marketers should be focused on bringing the latest information to their account teams as it develops. Given that we employ a small army of really smart people to read and parse corporate earnings call transcripts and CXO interviews all day long, we can help by feeding you the latest.
What do you do with this information? Do what you have always done — align and support. Here are the four questions you should try to answer about all of your top accounts:
- How have their strategy and priorities shifted post-COVID-19?
- What are they cutting?
- Where are they investing--or doubling down?
- What can you offer that supports their current focus?
Now we want to hear from you. What’s keeping you and your team up at night, and how can Boardroom Insiders help? Let us know at firstname.lastname@example.org, with the subject line “INSIDE TRACK.”