SolarWinds breach unlikely to ground Indian IT companies: Analysts | Economic Times

BENGALURU: IT services providers may not be much impacted by the recent cyberattack on US-based IT monitoring and management solutions firm SolarWinds, although the breach of a key software – for which the Austin, Texas-based company has released patches – could turn out to be a headache for user organisations, analysts said. The company said in a regulatory filing on Tuesday that its chief executive was advised by cybersecurity company FireEye on December 12 of a vulnerability in its Orion Software Platform, the result of a sophisticated cyberattack. “While security professionals and other experts have attributed the attack to an outside nation-state, we have not independently verified the identity of the attacker,” it had said.Around 18,000 of its 300,000 customers who were using the Orion platform could be impacted and the company has already released patches to plug the vulnerability, it said. Analysts, however, said the issue was still unravelling and that the impact could be the “most wide-scale hacking of corporate networks ever seen”. They said that CIOs and CISOs across organisations were deeply concerned, although it will have limited impact on Indian IT services providers. “The vulnerability was with the software platform and hence the IT services firms are unlikely to see much of an impact,” said Peter Bendor-Samuel, CEO of Everest Group. “I think this is something (on which) there is a lot of discussion going on. At this stage, we are carefully evaluating it,” said Salil Parekh, CEO, Infosys. Wipro said it does not see any impact. “Wipro does not use SolarWinds Orion product for its internal IT operations and there is no impact on the company.”According to media reports, hundreds of Fortune 500 companies have been impacted. “(But) as this is beyond the scope of most outsourcing contracts, this will actually increase opportunities for services providers in the security realm,” said Phil Fersht, CEO, HfS Research. SolarWinds had said that cybersecurity experts had discovered a “kill switch” that prevents the malicious code from compromising systems.“It is true that this has happened to clients, but the vulnerability was with the software platform and hence the (IT) services firms are unlikely to get much of the blame. What this will do is underline the need for continued investment and this will work for the services firms,” said Bendor-Samuel.Fersht said these types of attacks will benefit technology services companies as organisations would be pushed to invest more on cybersecurity.“With the leading enterprises all ramping up their cloud migrations in the wake of the remote-working shift, trust in third-party providers and cloud providers is increasing, and confidence in in-house IT eroding. We are seeing security business with the likes of IBM, Accenture, Infosys and HCL all increasing,” Fersht said.