It's been a bit. Um, he had sat silently inside the SolarWinds code for some time before anyone ever found out about it. It was, I think they said it was a mistake someone made that ended up tipping their hand that they were inside people's organizations. So if he is indeed going to go with what he's going to do, he showed us the playbook when he invaded Ukraine.
It started out with a- multiple cyber attacks against their communications infrastructure and then um, followed by a lot of physical punishment. So the bombs and everything that you see on TV right now, that's- that's great for- for news and TV but it was uh, a big wave of cyber attacks and advanced to that, to that attack, that physical attack. So, I don't know what the right answer is for every business because I can't be involved in each one of their uh, their-their I guess leadership meetings. But it really is the playbook for how to defend yourself and be ready for it. It already exists.
Sarah (08:33)
But isn't our country prepared to defend these cyber attacks?
James (08:39)
That- maybe at some level. Um, but we've already learned- [laughter] Oh God, don't get me started. So, the- the-the news we keep hearing out of CISA and out of NIST are these vulnerabilities that are known today that they're saying all government entities must shore up to take a mandatory list unless it's a head fake, which would be a great head fake but unless it's a head fake that they're giving the entire world that means that our- our government hasn't even patched for these things.
So you know how Centre does vulnerability scans on a weekly basis with our customers, and then those weekly vulnerability scans create a priority list of what vulnerabilities exist inside the environment, then at our next change window we do all the patches. If they're critical, we do them immediately. Yeah, that's not happening in all of our governments. Uh, all the divisions in our government.
So when you say "aren't we prepared to defend it" we might be prepared to go on the offensive and attack back but we're definitely not prepared to catch the-the-the, I guess the attempt that Putin will make to go after all of our uh, economy. Most experts I listen to say that we're way behind there. I heard um, Biden actually state that for the last few months we've been shoring up our defenses. Well, that's scary. We probably should have been doing that for like the last-
Sarah (09:55)
Two years?
James (09:56)
Maybe longer. [Laughter] So that's a little nerve-wracking but yeah. We should be good at that. Um, today if I had any advice for a business owner, it would be take a copy of your data, go buy some external hard drive, and put a copy off-site, offline, without- without it touching your network. Go ahead and do that today, 30 days from now, you might regret that purchase because you may never need it. You may never touch it but if you are hit by something and the first thing they do is delete your backups, which is a- a common task that they take, delete the backups and show that they have power, and then you're going to pay your ransom- you're going to be really glad you have at least an old copy of your data.
The second thing is, uh, backups have to be segregated from the environment. They cannot sit on the same subnet as the rest of the servers and the production environment. If they are living that way today then your backups are generally useless in the event of a- a- a breach like we've seen recently. The- the next thing, a proactive threat hunter has to be there. We cannot rely on human eyes and human touch to do this. We're going to need some machine learning in-in the environment to- to scan and look for these uh, behavior anomalies that are- that are really just showing us where the encryption is. In fact, we just helped the group out where Microsoft alerting showed us where uh Avos- AvosLocker out of Russia was inside their environment and it picked right up on- on when they started encrypting systems and when they started building admin accounts and when they started creating mail direct redirects all that was labeled out in their alerts.
So you got to be looking at that, and if one man is all you have on your IT staff, there's no way they can do it all. And then last, we've got to start doing vulnerability scans and looking at where we have gaps and how we prioritize them. If you can pull those things off, we can put an incident response plan together that gives you an idea of how you're going to communicate and how you're going to respond the day it occurs, but there's no sense in building that incident response plan if you're still actively putting those measures in place. You should have at least the communications at the executive level, but if you're making changes to the plan as you're- as you're building the plan, it's kind of hard to really construct it, right? So we got to do it in a sequence.
We're kind of too late, I mean in some ways this has already started so uh if we want to have the conversation of where do we start first we need- we need to get involved with whoever your IT provider is today. Take those four things I told you and bring them up with your IT provider. If you don't have one, call us, but if you do have one bring them up. Make sure that you have confidence in those four areas. That's all we can do at this point.
Sarah (12:25)
Yeah it's like insurance, like your last window before the-
James (12:30)
Yeah, yeah, we've all been through insurance events. If this was a storm, and floods- floodwaters were rising, and your neighbors had flood insurance and you didn't, and you said "man, what are you going to do?" and your neighbors go "well, I've got flood insurance, I'm not too worried," you're going to regret not having that. But you can't buy flood insurance in the midst of a flood. Similarly, you can't buy preventative measures once you're breached. That's, yeah, not a good place to be.
Sarah (12:56)
Yeah, you'll be outside stacking sandbags, praying that the water doesn't go through.
James (13:00)
Yeah, but we haven't seen a war like this. That's the last piece on this I'll mention, that we've seen so many wars, that we've studied in our upbringing, we've studied in school. We've never seen a war built around cyber attacks.
Sarah (13:11)
Right, no one knows what to expect.