
Former SolarWinds adviser says he warned of lax security years before suspected Russian hack

  • Former SolarWinds security adviser Ian Thornton-Trump says he warned management of cybersecurity risks and laid out a plan to improve it in 2017 but was ignored
  • ‘My belief is that from a security perspective, SolarWinds was an incredibly easy target to hack,’ Thornton-Trump says

Texas-based SolarWinds is at the centre of the largest cybersecurity attack in recent memory. Photo: Reuters

A former security adviser at the IT monitoring and network management company SolarWinds said he warned management of cybersecurity risks and laid out a plan to improve the company's security, a plan that was ultimately ignored.

In a 23-page PowerPoint presentation reviewed by Bloomberg News, Ian Thornton-Trump recommended to company executives in 2017 that SolarWinds appoint a senior director of cybersecurity, and said he told them that “the survival of the company depends on an internal commitment to security”.

The following month, he terminated his relationship with the company, saying he believed its leadership wasn’t interested in making changes that would have “meaningful impact.”

Thornton-Trump, as well as a former SolarWinds software engineer who talked to Bloomberg News, said that given the cybersecurity risks at the company, they viewed a major breach as inevitable. Their concerns about SolarWinds are shared by several cybersecurity researchers, who discovered what they described as glaring security lapses at the company, whose software was used in a suspected Russian hacking campaign.

“My belief is that from a security perspective, SolarWinds was an incredibly easy target to hack,” said Thornton-Trump, now the chief information security officer at threat intelligence firm Cyjax.

Last week, the Austin, Texas-based SolarWinds found itself at the centre of the largest cybersecurity attack in recent memory. Suspected Russian hackers breached the internal networks of at least 200 customers, including US government agencies and an as-yet-unknown number of private companies, a cybersecurity firm and people familiar with the investigation told Bloomberg.