Skip to Content

The Aftermath of SolarWinds

Digital Andrew Struthers-Kennedy, CRMA, CISA Jun 01, 2021

The massive cybersecurity breach raises questions about infrastructure and network risks that internal audit can help answer.

‚ÄčOrganizations and officials worldwide are still sifting through the damage caused by the December 2020 SolarWinds breach, which impacted more than 250 companies and government agencies. Hackers inserted malicious code into the U.S. company's Orion IT infrastructure monitoring and administration platform.

The code spread through updates and patches SolarWinds sent to all its clients, the company's CEO Sudhakar Ramakrishna told the U.S. Senate Oversight and Reform Committee and Homeland Security Committee in February (see "Congress Raises Questions" below). The SUNBURST malware created backdoors through which hackers could access customers' systems. 

Organizations that use the SolarWinds platform may already have been attacked. Internal auditors should help determine their risk and devise safeguards against this and future attacks.

Find your local chapter.

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer? Sign in or become a member to gain access to the latest internal audit news and information today.


Andrew Struthers-Kennedy, CRMA, CISA

Andrew Struthers-Kennedy is a managing director and leader of Protiviti's Technology Audit practice in Washington, DC.