Review each case from the following standpoints:

a$)$ Governance, security planning, policies and procedures

b$)$ Ethical, legal and security aspects

c$)$ User engagement

d$)$ Business management

e$)$ Integration among departments and groups

Breach $3$: SolarWinds

In September of $2019,$ a group of hackers covertly gained access to SolarWinds, a company that develops enterprise IT and cybersecurity software. The attackers tested and deployed Sunspot, a piece of custom malware, targeting Orion, one of SolarWinds$$ products. Sunspot secretly added a backdoor to Orion, which was then digitally signed by SolarWinds$$ update system which made it appear legitimate and pushed to customers through software updates. The backdoor allowed the attackers to install additional malware, known as Teardrop, onto the networks of SolarWinds customers, causing a massive breach of confidentiality and integrity.

SolarWinds did not become aware of the attack until December of $2020$ when FireEye, another cybersecurity company, discovered the backdoor while investigating how they themselves had been breached. In the ensuing investigation, it was determined that the attackers had used the backdoor to attack approximately $100$ companies including Boeing and $9$ federal agencies, including the United States Department of Defense and Justice Department. The attack has been publicly attributed to Russia by multiple United States government organizations, including the FBI and NSA. This attack is one of the largest and most serious cases of cyber$-$espionage in history.