getty
With annual audits under way, the SolarWinds breach spotlights a couple of major corporate governance gaps—the urgent need for better IT controls and limited board audit committee tech expertise. Such voids are precisely what cyber-criminals exploit.
The SolarWinds hack, among its many targets, affected leading tech firms and top government agencies. Unlike the infamous 2013 Target data breach when cyber-thieves stole vendor credentials to access confidential data, the SolarWinds hackers embedded malicious code in a trusted supplier’s software update. The approximately 18,000 customers that downloaded the code were potentially vulnerable to an attack.
The malware is confirmed to have breached networks at prominent organizations including Cisco, Intel, Deloitte and U.S. Departments of State, Treasury and Homeland Security. The alarming news surely leaves boards wondering aloud whether their companies’ technology infrastructure is truly secure.
Audit questions
Major audit firms are asking the same questions and, accordingly, have further upped client IT controls scrutiny. Given this shift away from arcane accounting inspections, boards…
