Solar Winds Supply Chain Hack Wins Password Contest
Privacy and cybersecurity compliance issues are inextricably linked. In one sense, they are peas in a pod. A security breach can leak all sorts of information assets, from useless server logs to trade secrets to sensitive personally identifiable information, or PII. At the heart of many privacy compliance obligations is the recognition of a duty to make “reasonable” efforts to protect PII through technical and organizational means. Such balancing tests are necessarily a key aspect of enterprise risk management. The massive SolarWinds supply chain hack is a case in point. On January 12, 2021, security research company CrowdStrike reported discovery …