A former information security consultant at SolarWinds, a company that produces software for monitoring and managing IT resources, warned management about security threats and even proposed a plan to eliminate them, but was ignored.
In a 23-page PowerPoint presentation obtained by Bloomberg News reporters, security expert Ian Thornton-Trump recommended three years ago that SolarWinds management appoint a senior security officer. The consultant insisted that “the company’s survival depends on a responsible attitude to safety.”
The following month, Thornton-Trump severed ties with SolarWinds after realizing that the company’s management was not interested in significant changes. According to an information security expert, as well as one of SolarWinds’ former software engineers, with whom Bloomberg News was able to speak, a large-scale hack was inevitable given all the cyber risks.
Concerns about SolarWinds’ security were shared by other security researchers, who discovered what they said were clear security holes at the company, whose platform was used in a massive cyber espionage operation.
“I think SolarWinds was an incredibly easy target from a security standpoint,” Thornton-Trump said.
When asked by Bloomberg News about the 2017 presentation and other security issues identified by researchers, a SolarWinds spokesperson said: “Our top priority is to work with customers, industry partners and government agencies to determine if a foreign government orchestrated this attack, better understand its full scope and help meet any emerging customer needs. We do this work as quickly and transparently as possible. We will have enough time to look back and we plan to do it in the same transparent way.”
Thornton-Trump was an employee of LogicNow, a UK-based cloud technology company acquired by SolarWinds in June 2016. A specialist with twenty years of experience in information security helped LogicNow to make a name for itself in the IT market from scratch. In 2017, he gave his presentation with recommendations to at least three SolarWinds CEOs, but his warnings were ignored.
“There was no safety at the technical level of production, and there was a minimum of safety directors in the management. In 2015, we knew that hackers were looking for every possible route into the business sector. But SolarWinds didn’t adapt. This is a tragedy. There were many lessons to be learned, but SolarWinds was oblivious to what was happening,” said Thornton-Trump.