Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comFirm Insights
Author: Scarinci Hollenbeck, LLC
Date: May 26, 2021
The Firm
201-896-4100 info@sh-law.com
As the SolarWinds breach made clear, one supply chain attack can wreak havoc on thousands of organizations. The wide-scale cyberattack also revealed how easily an entity’s IT systems can be compromised by the vulnerabilities of an entity’s software vendors and other third parties.
In 2020, a high-profile supply chain attack occurred against SolarWinds, a provider of network management software. The vendor was unknowingly hit with a malware attack and the breach resulted in the malicious code being inserted into a software update, which was then transmitted to 18,000 SolarWinds customers, including the U.S. Department of Defense, Department of Commerce, Microsoft, and Cisco. The code created a backdoor to the impacted entities’ information technology systems, which hackers then used to install additional malware that allowed them to spy on companies and government agencies. The hackers were undetected for months, with the breach first discovered by a cybersecurity firm that noticed its own system was compromised.
The SolarWinds Attack is the most high-profile and invasive IT software supply chain attack to date. It demonstrates how dangerous embedded malware inside a legitimate product can be. If left unchecked, it can allow hackers to access the networks of many organizations using one piece of code.
The SolarWinds attack, which has now been linked to Russian-backed hackers, resulted in numerous government investigations and hearings. Most recently, the New York State Department of Financial Services (NYDFS) released its report on the cyberattack.
The NYDS Report on the SolarWinds Supply Chain Attack summarizes the SolarWinds Attack, as well as the response by NYDFS-regulated companies. It also identifies four “key cybersecurity measures” that can reduce supply chain risk.
Overall, NYDFS found that companies under its oversight responded quickly. According to the report, 94 percent of the reporting companies removed the vulnerabilities from their IT systems within three days of the SolarWinds Attack’s announcement. However, NYDFS also found that some companies were not applying patches as regularly as needed to ensure timely remediation of high-risk cyber exposure.
Most importantly, the NYDFS identifies the following cybersecurity measures as critical practices when evaluating the risks posed by vendors and similar third parties (Third Party Service Providers):
As the NYDFS report notes, there is no silver bullet that will stop all supply chain attacks. Nonetheless, there are steps companies can take to reduce the risks posed by vendors and other third parties. We encourage all businesses to review their cyber security policies and procedures to ensure that include measures to mitigate third-party risk.
If you have any questions or if you would like to discuss the matter further, please contact me, Maryam Meseha, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.

Few situations create more uncertainty than learning that an employee has filed a whistleblower complaint. Questions arise immediately: Is the allegation legitimate? Should the employee be placed on leave? Do we need to notify our insurance carrier? Are we now prevented from disciplining the employee if there are unrelated ongoing work related issues? There is […]
Author: Sean M. Pena

When a business reaches the point where it can no longer service its debts or otherwise resolve its liabilities, management is often faced with a difficult question: is a bankruptcy filing necessary or is there another way to perform an orderly liquidation or sale of the business assets? While Chapters 7 and 11 of the […]
Author: John D. Giampolo

For many years, the New Jersey Mansion Tax has been a significant consideration in high-value real estate transactions. Recent legislative changes, however, have substantially altered how the tax operates, including who is responsible for paying it and the amount owed in certain transactions. Whether you are purchasing, selling, or investing in New Jersey real estate, […]
Author: George McGowan

As our personal and financial lives increasingly move online, estate planning must evolve to address a new category of property: digital assets. From email accounts and social media profiles to cryptocurrency and cloud-stored business records, these assets often carry both financial and sentimental value. Yet, without proper planning, they can become inaccessible—or even lost—upon incapacity […]
Author: Marc J. Comer

In today’s mergers and acquisitions market, representation and warranty (R&W) insurance has become a common feature of deal negotiations. Once used primarily in larger transactions, R&W insurance is now frequently incorporated into middle-market deals as buyers and sellers look for efficient ways to allocate risk and close deals. When structured properly, R&W insurance can help […]
Author: George McGowan

Receiving a federal grand jury subpoena is not something most businesses or individuals anticipate. While it can be concerning, a federal grand jury subpoena does not necessarily mean that you are being accused of wrongdoing. It does, however, mean that a federal criminal investigation is underway and that federal prosecutors believe you may possess information […]
Author: Sean M. Pena
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!