[ Ссылка ] Pretend that Vladimir Putin tunneled into Pfizer’s COVID-19 vaccine manufacturing plant and replaced legitimate vials of the vaccine with COVID-INFECTED doses. The vials, which look exactly like the real thing, are then distributed to every health facility in the country. By the time the switch is discovered, millions of Americans have been injected, infected and sickened.

This is called a supply chain attack, where the enemy exploits a weak link in a complex assembly line long before the final product ever makes its way into your life. And that’s exactly what Putin just did to American organizations, large and small.

Here’s what happened. Over a year ago, Putin ordered his Foreign Intelligence Agency to digitally tunnel inside Texas-based SolarWinds software (among other companies) and implant malicious code into their most popular products. As it turns out, SolarWinds isn’t just any software company; they help power the networks of 85% of Fortune 500 companies and nearly every governmental agency, including the Departments of Defense, Energy and Treasury. In other words, the people who hold the keys to our atomic weapons, nuclear power plants and economic impact checks had their systems quietly infected by a piece of software that everyone considered friendly. Even cybersecurity firms like FireEye, CrowdStrike, McAfee, and Symantec were compromised, along with Microsoft, Cisco and thousands more. The attack was highly sophisticated, nearly impossible to detect and left completely unaddressed by the last administration. Which means it will all happen again and so we should be prepared.

There are four key lessons from the SolarWinds hack: One - It isn’t the SolarWinds hack. Call it the 2020 Russian Hacking of the US Government. Call it the Putin Bare Chested Trojan Attack, but don’t call it SolarWinds because it infected far more primary software providers than just them. We oversimplify it when we call it SolarWinds. Two - Most organizations don’t have the capability to catch malicious code inserted into otherwise trustworthy software, which means that Three, your best defense against a supply chain attack is a QUICK defense. You need to proactively hunt down and catch the “faulty vaccine”, so to speak, before it has a chance to spread further. To pull this off, you need a dedicated cybersecurity budget AND highly trained staff, internal or external, to put it to use. And Four, if you are a small business, know that you’re not exempt from the SolarWinds hack, as you probably use cloud software that runs on these very same compromised products.

Statistically, the average business executive will assume that someone else in their organization is already handling it. That the IT department has it covered. They don’t. They need immediate leadership from you to start the conversation, whether you have ten employees or ten thousand. If you’d like additional resources or want to share your experiences, let me know in the comments section and I’ll point you in the right direction. Stay safe, stay vigilant and stay tuned for our next video on defending the data that defines your life.

свернуть