government agencies and Fortune 500 companies used to monitor their own networks.
“There’s a lot of hand-wringing going on in the background, and companies don’t know what the next step is.”Īustin, Texas-based SolarWinds developed and supplied network management software that top U.S. Many private companies are discussing internally whether they should go public about being breached if there’s no evidence of any data being manipulated or stolen, Williams said. Government agencies and private companies also have to figure out if the network breach led to any loss of data and whether they have to alert Congress and customers as required by law, Williams said. “The true cost could be hundreds of billions of dollars,” Williams said, when one considers the incident response cost for each breach multiplied by the 18,000 entities that fell victim.
“The reality is everybody is spending resources right now” on trying to figure out how far the hackers penetrated computer networks and how to get rid of them, said Jake Williams, a former National Security Agency hacker who is now the founder of Rendition Infosec LLC, a cybersecurity firm. If the attackers are not fully eliminated from government and private company networks, they could choose to use their presence for more destructive purposes, Cilluffo said.įinding and eliminating the adversaries’ presence on networks is likely to be a costly affair, one expert said. While the initial intent of the attackers may primarily have been espionage, they could change their motive, Cilluffo said. agencies were potentially compromised by follow-on activity and the FBI and the intelligence agencies are “working to identify the non-government entities who also may be impacted,” the statement said.