The SolarWinds attack, which was discovered in early December 2020, was frightening on several levels. In addition to the sensitivity of the data released and the U.S. government agencies targeted, the malware was introduced through a practice deemed essential to cyber hygiene: a software update. As NYU associate professor of computer science and engineering Justin Cappos explained in a December 20 article in Yahoo Finance, nation-state actors are gravitating to such attack targets because updating software is something system maintainers are “supposed to be doing.” But even though updates are risky, he cautioned, “If you don’t apply software updates, you’re absolutely, definitely vulnerable because old software is vulnerable software.”
Cappos was also interviewed for a December 17 article in Crain’s New York Business.