Reimagining Cybersecurity: Insights from ProPublica's Investigation into the SolarWinds Breach

Sonya Lowry • June 13, 2024

In December 2020, the world witnessed one of the most sophisticated cyber-attacks in history. The SolarWinds breach sent shockwaves through the cybersecurity community, revealing a harsh truth: no organization, regardless of size or reputation, is immune to cyber threats. Even more alarming is the revelation from ProPublica's investigation that the breach was made possible by a vulnerability in a Microsoft component.


Andrew Harris, a former Microsoft employee, discovered this vulnerability but found himself thwarted by a system that prioritized short-term business interests over security concerns. Despite his efforts to escalate the issue, leadership remained indifferent, illustrating a troubling disconnect between cybersecurity and business stakeholders.


This scenario is all too familiar. In many organizations, cybersecurity is treated as an afterthought—a necessary add-on rather than a core component of operations. The relationship between cybersecurity teams and business stakeholders is often adversarial, with the former viewed as an obstacle to productivity rather than a guardian of digital assets.


To understand how we got here, we must draw parallels with past trends in quality management. In the 1990s, businesses underwent a transformation, recognizing that quality should not be the sole responsibility of a dedicated test team but rather a shared responsibility across the organization. This shift led to the adoption of quality management principles that empowered every employee to contribute to product excellence.


Cybersecurity must undergo a similar transformation. It is no longer feasible to delegate security concerns solely to a specialized team or to treat that team as a scapegoat when breaches occur. Cyber-risk is business risk, and it requires a collective effort to mitigate effectively.



That is why we built Sibylity by SibylSoft. Inspired by the principles of shared responsibility, Sibylity empowers organizations to manage cyber-risk collaboratively across all stakeholders. By fostering transparency and accountability, Sibylity puts an end to the blame game and excuses that have plagued traditional cybersecurity approaches.


With Sibylity, every member of the organization becomes a stakeholder in cybersecurity. From frontline employees to C-suite executives, everyone has a role to play in identifying, addressing, and mitigating cyber threats. By embracing shared responsibility, organizations can fortify their defenses against evolving cyber threats and safeguard their digital infrastructure.


The SolarWinds breach served as a wake-up call for organizations worldwide, and the recent ProPublica investigation points to a critical need to rethink cybersecurity and embrace a culture of shared responsibility. Just as quality management underwent a paradigm shift in the past, cybersecurity must follow suit. Sibylity represents a bold step towards this vision, empowering organizations to navigate the complex cybersecurity landscape with confidence and resilience.


https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

Learn how Sibylity can help your business at https://www.sibylsoft.com

