Why ‘blaming the intern’ won’t save startups from cybersecurity liability

SolarWinds is back in hot water after a shareholder lawsuit accused the company of poor security practices, which they say allowed hackers to break into at least nine U.S. government agencies and hundreds of companies.

The lawsuit said SolarWinds used an easily guessable password solarwinds123" on an update server, which was subsequently breached by hackers likely Russian in origin." SolarWinds chief executive Sudhakar Ramakrishna, speaking at a congressional hearing in March, blamed the weak password on an intern.

There are countless cases of companies bearing the brunt from breaches caused by vendors and contractors across the supply chain.

Experts are still trying to understand just how the hackers broke into SolarWinds servers. But the weak password does reveal wider issues about the company's security practices - including how the easily guessable password was allowed to be set to begin with.

Even if the intern is held culpable, SolarWinds still faces what's known as vicarious liability - and that can lead to hefty penalties.