The Three As of the Russian Government Hack: Acquisition, Aggregation, and Activation of Data – Futurum Tech Webcast

In this episode of the Futurum Tech Webcast, I was joined by my colleague, Fred McClimans, to take a look at the Russian government hack of the multiple government agencies, likely some Fortune 500 companies including telecoms and global accounting firms — and counting. We explored the timeline as we know it today, how the hack happened and the role Texas-based SolarWinds software played in the hack, how it was discovered, and the role the Three As: acquisition, aggregation, and activation of data play in a cyberattack.

For starters, it’s safe to say the U.S. in general has been stunned by this attack, and with good reason. This is easily the biggest crises the NSA has encountered and the threat and risk of exposure for critical information, security, and infrastructure is high. Early assessments point to a state actor, Russia’s S.V.R., a successor to the KGB, as the mastermind behind the cyberattack. The hackers, known by the nicknames APT29 or Cozy Bear are part of the SVR and are the same group that hacked the White House email servers and the U.S. State Department during the Obama administration. Our discussion included:

  • The timeline of the attack, first discovered by FireEye, a global cybersecurity firm, about a week ago. After reviewing some 50,000 lines of source code, the FireEye team discovered the culprit — a backdoor vulnerability in a product made by SolarWinds, a software provider serving all five branches of the U.S. military, the Pentagon, the State Department, NASA, the National Security Agency, the Department of Justice and the White House. Also 10 leading U.S. telecoms companies and top five U.S. accounting firms are SolarWinds customers, along with many other of the Fortune 500.
  • The Treasury Department and Commerce Departments were the first breaches discovered, and we now know those affected includes the State Department, the Department of Homeland Security, whose Cybersecurity and Infrastructure Security Agency (CISA) is in charge of — well, cybersecurity, and there are no doubt more targets that will be discovered as the investigation continues.
  • FireEye said that its investigation had identified “a global campaign targeting” governments and the private sector that, beginning in the spring had slipped malware into a SolarWinds update. This malware gave hackers remote access to a network, making everything visible.
  • SolarWinds estimates some 18,000 users, both private and government entities, unwittingly downloaded the Russian-tainted malware as part of a routine software update.

The attack was “the day you prepare against” said Sarah Bloom Raskin, the deputy Treasury secretary under the Obama administration, and it’s safe to say there are cybersecurity experts the world over who’ve been operating on little sleep since the hack was discovered.

We talked in depth about the three As of a hack (this one or any cyberattack) as being very simple: it’s all about data. Data Acquisition, Data Aggregation, and Data Activation. Getting it, organizing it, and then figuring out how best to use it to achieve your goals, nefarious or otherwise.

The CISA issued an emergency directive this past Sunday to power down the SolarWinds software. While that is a logical, and important move, what it means is that a whole lot of very large organizations are likely “flying blind” without the use of software they’ve long relied on for access and visibility into their systems.

For a full overview of our discussion, grab the video here:

or listen to the audio on your favorite podcast streaming service here:

This hack is a direct hit to the digital supply chain and is an example of what happens above the operating system. It no doubt will be a security event that will likely have far-reaching impact, and we’re certain there are many interesting discoveries still ahead.

We’ve done research on security and the role it plays in the enterprise and in governments for both Dell and Cisco in recent months. If you’re interested in security and what business leaders are thinking about their organizations’ security, we encourage you to download and read this research. You’ll find it here:

Four Keys to Navigating the Hardware Security Journey (done in partnership with Dell)

Unified Communications and Collaboration: The Primacy of Security, Privacy, and Trust (done in partnership with Cisco)

Unified Communications and Collaboration: The Essential Differentiators for 2020 and Beyond (done in partnership with Cisco)

Disclaimer: The Futurum Tech Webcast is for information and entertainment purposes only. Over the course of this podcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we do not ask that you treat us as such.


Shelly Kramer: Hello, Welcome to the Futurum Tech Webcast. I’m your host, Shelly Kramer. And I’m joined here today by my colleague, Fred McClimans. And we’re taking this conversation right to LinkedIn and to Twitter, and we hope you’ll hang out with us. And today we’re going to talk about the hack, what we think is a Russian hack targeting lots of government agencies. The list keeps getting longer and more alarming. And we’re going to talk a little bit about the three A’s that are involved in this hack. And I think you’re going to find it’s a really interesting conversation. Before we dive any deeper, I do want to say that this show is intended for informational and educational purposes only, and we bring our opinions and lots of them. We are tech analysts. We have many opinions. Please don’t take those opinions and use them as investment advice. This is not intended as such. So with that business out of the way, welcome Fred. It’s great to hang out with you today.

Fred McClimans: Hey, likewise, Shelly. Great to be here. We’ve got a big topic and I’m always enjoyed the big topic conversations with you.

Shelly Kramer: Big topic. So the Pentagon, intelligence agencies, nuclear labs and fortune 500 companies use software that was found to be compromised by Russian hackers. And the sweep of stolen data is still being assessed. In the last few days we keep having companies or organizations throughout the government added to the list of people who are compromised. We wanted to take a minute and just step back and look at the timeline here. And Fred, I know that is something you’ve spent a little bit of time talking or thinking about rather and researching. So lay it out for us, would you.

Fred McClimans: Timelines are always subject to interpretation at different times. But based on what we now know, again, subject to change. Back in March of 2020, the alleged Russian hackers, they’re suggesting now that it was APT 29 or the Cozy Bear, the advanced persistent threat team that has also been involved in a number of other state sponsored attacks in the United States. They managed to get access to the SolarWinds system? Now SolarWinds in particular, this was their Orion platform. SolarWinds is a provider of ITSMs or IT service management tools. Essentially they provide the dashboard, the single pane of glass that allows an organization to monitor everything within their IT organizations, their networks, their communications, their computers, their servers, the works. So gaining access to this type of a tool, that’s a big thing.

Shelly Kramer: It’s a big thing.

Fred McClimans: Huge thing. So now between March and June of 2020, it’s believed that about 18,000 of SolarWinds customers out of I think 500,000 total or so.

Shelly Kramer: 300,000 is the number that I saw.

Fred McClimans: Okay, 300,000, so what they did, those organizations as part of their normal routine operations, they would download updates to their software. Well, that’s where this group targeted their attack. So inside SolarWinds and the Orion platform, they managed to install code into the software updates system so that when these organizations went out and did what they’re supposed to do, update their software on a regular basis, they were bringing the hack attack into their organization. So once they get into the organization, they sit there and they wait and they discover and move around. Now let’s fast forward to last week where FireEye, one of the leading cybersecurity firms in the country and in the world realizes they have been breached. So they start to dig into this and figure out what’s going on? Where did this come from? And it was in that process there that they came across and discovered the vulnerability in the SolarWinds Orion platform update.

Shelly Kramer: Well, and let me just interject here real quickly, who uses SolarWinds software? Hold on. All five branches of the US military. The Pentagon, the State Department, NASA, the National Security Agency, the Department of Justice, the White House, 10 leading US telecoms companies, the top five US accounting firms and many others. I mean, so this is potentially a very big exposure in terms of targets.

Fred McClimans: It is from a target perspective, but I think it’s important to recognize that with this type of an operation, this is a stealth operation. A lot of hacks, I mean, you can break them into, into different categories. If somebody is interested in just obtaining data quickly, they break into a system and they just download everything they possibly can, or they lock things up if they’re going to do a ransomware attack. In this type of state sponsored activity, it’s more about gathering intelligence and it’s finding a way to stay within the system without being detected. So very often we’ll see threats come into a system. They’re quiet for a while as they were here with SolarWinds, and then they move laterally through the system. They figure out, they discover, the explore, they find opportunities within there, which in and of itself is actually kind of a good thing for those that are being attacked because that means that the organization isn’t necessarily at that point downloading lots and lots of data. So while a lot of people may have been impacted by this, it’s not clear yet how much data was actually accessed or what they were really going for. It doesn’t minimize the threat.

Shelly Kramer: No. And actually what SolarWinds has said is that, we talked about this earlier, they think that about 33,000 of its 300,000 customers, well, they know that 33,000 of its 300,000 customers use Orion and they believe only half of those have downloaded. So this is one of the instances where not being on top of your software downloads might actually prove to be a good thing, right?

Fred McClimans: It might be.

Shelly Kramer: And only half of those have downloaded the Russian compromised update, but they also think that the actual number of compromised targets was in the dozens. But they have been quoted saying the highest value targets. So it really isn’t that thousands of companies have been impacted. Cyber espionage professionals are smart. They know what they’re looking for. They know what they want. They’re patient. So I think that that’s very much that’s at play here.

Fred McClimans: Yeah. Certainly. It’s important too to recognize the different type of targets that a threat actor may be going after. Certainly we see state sponsored activities around economic issues, around business and technology issues. We had a lot of talk about threats coming in from Russia or China or other actors during the COVID-19 vaccine development process. Very interested people trying to get intellectual property. That’s been a long issue with the Chinese groups as well, with Chinese groups coming in, finding their way into technology companies to lift technology essentially. But there’s also that larger picture. There’s finding that strategic target, that OPM database. The Chinese hack back in 2016 where they were specifically looking for lots of records of information on people. In this situation here, we’re not quite sure what they were really going after in some of these government organizations, but there’s a lot there. Think about the DOJ and the White House, certainly.

But for me, I think the biggest risk in all of this, it goes back to mirror something that took place back again in 2016, with the Chinese hack. Back in 2016, China hacked and was able to gain access to NSA tools that the NSA used for accessing other systems as part of their activities. They then shared that and they use that. And in fact, we believe that the Russians used it, we believe that North Korea used it in some of their activities as well. In this situation here, what we have is FireEye recognized that their red team attack tools had been compromised. Now, when we talk about red team in the cybersecurity space, we’re always trying to figure out how good defenses are and how we can break in and how we can defend. And they do that through essentially a war game; a red team, blue team activity. Blue team, good guys. Red team, bad guys.

So now this particular hack group, they have obtained access to all the FireEye’s red team tools, the very tools that FireEye uses to test the defenses of all their clients. And that’s a huge thing. That’s huge out there because now you have that whole threat. Everything, the intellectual property and all the capabilities of FireEye being turned against FireEye and every other company potentially out there. Now, FireEye, I’m certain, they are deep right now into figuring out ways to counter that and to close that off and to monitor for it, but it’s a big threat, big threat there.

Shelly Kramer: When we talk a little bit about, we’ve mentioned industrial targets and utilities, and actually we didn’t talk about utilities, but that’s a given, government agencies and things like that.

Fred McClimans: Anything in critical infrastructure, yes.

Shelly Kramer: Right. So to break this down a little bit. So these vulnerabilities that FireEye discovered is in software used by millions of connected devices and there are flaws that can be exploited by hackers to penetrate both businesses and home computer networks and exploit them. Think smart plugs, thermostats, printers, routers, healthcare appliances in hospitals.

Fred McClimans: Pacemakers.

Shelly Kramer: Components of industrial control systems, think utilities. Remote controlled temperature sensors and cameras. And they could also be used to control systems like water, power and automated building management. So when you think about the reason, this is such an oh, crap moment, is that this could potentially… It’s a big hack. It’s a very big deal and it could potentially affect beyond just the government.

Fred McClimans: Absolutely. We have, for lack of a better phrase here, we have created a very complex, sophisticated digital infrastructure that doesn’t just participate in our lives, it controls our lives. And for anybody to have the ability to turn that off for a moment or to compromise it or to cross the wires, so to speak, that is a significant event beyond, I mean, it approaches Black Swan kind of event theory here. And that’s a risk that we certainly have to take a look at here. Think about when the Ring Doorbells cameras are hacked and that circulates around. It’s kind of an oh, well, hey, don’t use a Ring, but people don’t realize that basic IoT and industrial IoT technology is in everything that we have now.

Shelly Kramer: Everything that we have, yes. And it’s kind of scary. I saw somebody quoted. I was looking to see if I could find it. A very senior level. Oh, here Sarah Bloom Raskin, who is the Deputy Treasury Secretary under the Obama administration said the attack was the day you prepare against in your whole career, your whole life. This is the attack you prepare against. And it really, it’s been said that this attack is one of the biggest crises that the NSA has ever encountered. So it is a big deal. And the other thing beyond just the government impact, think a minute about senior executives from major corporations the world over are working from home. Okay. And they are using routers. By the way, it’s not hard to figure out who these executives are either. I mean, come on, people are doing videos.

I mean, it’s not hard if this is your job and you’re devoted to figuring it out. Right. So senior executives of major corporations the world over are working remotely, they’re using routers, they are using printers, they’re using devices that we know are actually easily compromised. So when you extrapolate that out in terms of what kind of, and I know that the risk that certainly we might be subject to on our devices, but think about the information that is shared electronically. Some people use VPN, some people don’t use VPNs. And so it really is an interesting thing. Another interesting thing that I ran across this morning as I was prepping for this is that Mike Pompeo, the Secretary of State gave an interview with Brietbart, always the top source that I go to. And he refused to acknowledge that Russia is responsible and he shifted blame to the Chinese or North Korea, and every expert out there that’s talking about this is not pointing to China or to North Korea. It’s very, very common. Russia is the state actor who’s consistently been the most successful in hacking attempts. And I haven’t seen anybody other than Pompeo questioning that.

Fred McClimans: No, it’s interesting because there are a number of ways that you can identify who somebody might be. There’s the overall behavior of that organization. How they behave, how they approach a potential target, the surveillance and the information gathering, the process they go through before they actually try and penetrate an organization. Then you have the steps that they take within that organization. It’s sort of a behavioral fingerprint of sorts, much like I can hear footsteps in the hallway and recognize, oh, that’s this child, not the other child that’s out there.

You also have the tools themselves that they use, the preferred tools. And let’s be open and honest about this, in this world, it’s not just Russia and China and North Korea that have these capabilities. The United States has these capabilities as well. And of course, now the big question is what type of counter action potentially takes place here. And I could see, in the big picture, a bit of reluctance on the part to actually pin definitive blame on one organization here so early into an attack, but all the signs seem to point to the Russian state sponsored activity here in this. I liked, Shelly, a few minutes ago, you were talking about the data that you can gather coming off…

Shelly Kramer: Let’s go to those three A’s.

Fred McClimans: It’s interesting because I read an article last week that talked with the executives at Zoom and they had their oh crap moment, when they watched a Zoom call with the UK government and they’re watching the Zoom screen and they go, wait a minute, there are their names. There’s the meeting ID. All this information, and we forget about the stuff that people can gather from what’s behind the pictures and so forth. But what you got me thinking about there was the idea that a lot of these hacks, they’re part of a larger puzzle. That it’s one little tiny piece of a large mosaic and these hacks, especially in the state sponsored side, what we see is they’re really looking to gain information. They’re looking to paint a digital profile of individuals, of organizations, of networks, of behavior, of connections that they can possibly make there, just so they can better understand.

In fact, in the tech space, we talk often about a digital twin. In essence, we are putting out so much information that we are creating a digital twin, that somebody can literally mirror all of the organizations and the people that we have within the United States or within any country for that matter. So here we get though, the three A’s, we talked about this earlier. And I think this is important to understand the magnitude of the threat that we face here. So there are three A’s that I look at to determine what’s taking place in what the risk of something could potentially be. And these are three processes that organizations on the threat side go through, but they also are the same three steps that people on the commercial side as well, when they’re dealing with data and customers and so forth.

So let’s walk through these real quickly. First A, acquire, the goal of the threat actor, just like a corporate business is to acquire as much information about an organization or an individual that they can. In the commercial space, they want to build that 360-degree view of the consumer. They want to be able to anticipate their needs and personalize everything. In the threat actor space, it’s all about gaining every piece of digital data they can to exploit at a later point in time. So once you have all this data, all these different sources, and these can come from years and years. Go to the OPM hack, all of the information about security clearances and government employees, the Aetna healthcare hack, the Experian hack, credit information, healthcare information, military records, all this information coming together. What you then do is you aggregate it all together. You put it out there, you throw it into a big data lake somewhere. You start throwing technology at it, throw machine learning and AI to figure out what are the patterns, what are the connections? So you essentially aggregate all that data together to draw connections and create a more complete profile of an organization. And then you get to the third step, which in the commercial space, this is how you monetize it. In the threat actor space, you activate that data to do something nefarious.

Shelly Kramer: Kind of also how you monetize it.

Fred McClimans: Kind of also how you monetize it as well. So in this case here, maybe that information is pieced together to create a better profile so that you can impersonate a person. Maybe you can get into a bit of blackmail or extortion with that individual. It’s all about gaining leverage and better understanding an organization. And that’s exactly the process that we see here. The three A’s. They acquire a lot of information from different sources. They aggregate it together to find commonalities, to paint a better picture. And then they selectively activate one step at a time. It’s a very basic process, but we see it repeatedly in this type of threat.

Shelly Kramer: There’s a reason they do it that way. So one thing that I wanted to touch on here, the CISA, the Cybersecurity and Infrastructure Security Agency.

Fred McClimans: It’s part of this.

Shelly Kramer: It’s part of this. They issued an emergency directive on Sunday to power down the SolarWinds software. Totally makes sense. Except for the fact that now what’s happening is that these companies, these agencies who were used to relying on this software for access into a view, into everything that’s happening in their network, now they’re running blind. And we’ve done some research that I thought we could talk about a little bit. We’ve done some research for Dell on security and really the presence of threat, and sometimes it’s not really what people perceive it is, and what we see from people using a dashboard compared to people who aren’t using dashboards. So this is a really big deal. I mean, to just be running blind with organizations of this size.

Fred McClimans: Right. So now think about this though, Shelly. If I’m a threat actor in the background and I’m trying to achieve an end goal, I always think of this as a chess game or for Star Trek fans out there, the three-layer chess that’s out there. It’s always deeper and richer than you expect. And step back for a moment and say, well, maybe the goal of this or one goal, one possible valuable outcome is to actually get all these organizations to turn off the monitoring systems for just a moment. When they’re off, now you can have a whole new wave of attacks coming in that they just simply can’t see.

The candy store is wide open here for them. So we see those activities there, but it’s important when you talk about that inability to see. As you mentioned, we did a security study with Dell on hardware and supply chain security, and what we found in that was that organizations that didn’t use effective dashboards were significantly more likely to say that they had never been hacked. So you have organizations that are using security dashboards, they go, oh yeah, we’ve been hacked. Every year we get hacked.

Fred McClimans: We don’t have that visibility go, no, we haven’t been hacked. I don’t think we’ve ever been hacked. It’s sort of the Zaphod Beeblebrox approach from The Hitchhiker’s Guide to the Galaxy by the great Douglas Adams. Put on the glasses, what you can’t see can’t hurt you, but the reality is it does. And that’s a significant threat coming out of this, just that lack of visibility into your operations. I mean, not just I think about two ways. Security operations, but then what about all the IT management that you need to have in place. Just basic business operations for your organization?

Shelly Kramer: So what do you think? Do you think this is a great opportunity for vendors, vendors like Dell to run in with a solution that we can slide in? I mean, that’s a problem, and SolarWinds is a great company. They make great products. There’s actually no negative to say here, but the reality of it is this is a major hit to your brand. Where do you go from here?

Fred McClimans: There are a couple of other hits here from a corporate narrative perspective. Right now, anybody that provides these type of tools is going to get dinged. It’s a natural thing in that ecosystem. SolarWinds get hit, every other dashboard provider out there they’re going to take a hit. FireEye gets hacked, every other cybersecurity company out there suddenly becomes suspect to an extent, but I don’t really see the negative impact for the security companies. If anything, this demonstrates that they’re needed more than ever. But what I do think is that just like in the natural world environment, we only can exist because of biodiversity. In the technical space, I like to think of there being tremendous value in techno diversity. Diversity in the different types of technology that an organization has. If you have only one system and that system fails and if it’s complex, it’s going to fail spectacularly, which we have in the case of people that are only using SolarWinds. So I’m a big believer and a proponent of saying, look, you want that single pane of glass, you want that dashboard, we have a second pane of glass from a different vendor that operates in a different way. So that if you have a failure in one system, you don’t run into Airbus 737 MAX 800 situations where there’s no backup. You need a backup capability in place.

Shelly Kramer: And I feel like that’s a lot of what these pandemic times have taught business leaders. I hope have taught business leaders. And I know that we’ve talked a lot and thought a lot about this, but you have to have a business continuity, a business resiliency plan. You have to say, these are the solutions that we’re using. What happens if this goes to hell? What happens if, and having those conversations about worst case scenarios and what we do to quickly pivot and get ourselves whole again, I think are important conversations that we’re learning we have to have all the time.

Fred McClimans: Yeah, absolutely. If your organization isn’t thinking about, and this is sort of a dated phrase out here, but continuity of operations, the Cooper plans that we used to run through in a significant way, right after the 9/11 attacks. There was a huge emphasis there. A lot of organizations I think have let technology get ahead of them. And they haven’t really thought through all the implications of that, pardon my language, but the oh shit moment. What happens when this fails? You have to have a backup plan, you have to have some type of resiliency in your organization and that’s a big challenge. I’d love to talk to organizations about how they can improve that and keep themselves one step ahead of the game because it is a huge challenge. COVID and now the hack, two things that virologists and security professionals have been preparing for. This is that A.

Shelly Kramer: And I think that there are conversations that need to be had and maybe this is something that we’ll be able to tackle with maybe even with some of our clients. We talk a lot about the importance of vendor partnerships today and how you can’t do it all when it comes to technology. So finding the right vendors and having strong partnerships and relying on them for lots of different things, not just to sell us a piece of technology, but the services piece of that as well and sometimes the management piece of that as well. But I really do think there’s and it’s hard enough to get budget for that. Okay.

Fred McClimans: It is.

Shelly Kramer: So all of our research tells us that budget is an issue, no matter what we’re talking about. So then when you start having conversations about, okay, we’re not only going to choose what we think is the best strongest vendor partner to deliver this solution, but we also need a backup vendor partner.

Fred McClimans: I wouldn’t put it as a backup so much.

Shelly Kramer: A partner vendor partner.

Fred McClimans: A partner. Yeah. So in a lot of situations, I think this is more of a behavioral mindset issue from the very beginning. We see risk in organizations that can be as basic as company A acquiring company B and not properly vetting the security implications of that. Or an organization, because they want to make a sale or they want to move into a new region, they want to find a new distribution partner, they say, sure, we’ll share our data with you, without thinking, do we really need to share all of this data? And if we do share the data, what’s the risk associated with that? You get to this point where the chief risk officer within an organization and the chief trust officer and the chief security officer, they really need to be that same person, or at least that very tightly coordinated group. That team of people that recognize that just like digital transformation is an ongoing process, an ongoing evolution, security is the same.

It’s an ongoing process and security directly relates to risk within an organization. And you have to think about these upfront, but just having that mindset that says, just because we can put data into a database and throw it into the cloud or throw it into a data center somewhere, is that the right thing that we should be doing? There are certainly behavioral things that organizations need to think about to create that virtual air gap. Just simply the road that you shouldn’t take in a lot of situations here. And I know you’ve seen it in your clients and our clients as well. There are a lot of organizations, that they get ahead of themselves, they rush. And in fact, we did a different study, you and I worked on last year where we found that 40%, 50% of the organizations that we talked to said yeah, sometimes they roll out new products and new initiatives, knowing that they’re not secure because they’re trying to get that revenue dollar. They’re trying to make that deadline time to market and that’s a very costly, almost a deadly mistake.

Shelly Kramer: Well, it is. And especially when you start thinking about, as I mentioned earlier, we’re talking routers and printers, sorry. Lots of different things that can potentially be dangerous routes and ways for hackers to get in. And I think really where we’ll wrap this conversation is in we talk about this constantly. We write about this constantly with our clients, about our clients. I mean, there’s just not anything more important than security within your company regardless of the size of your company, and as you said, I think you made a really good point, security like digital transformation is a journey that never ever ends and you have to be constantly aware of it. And you have to really always be putting at the very top of your strategy list. And I think we know that. I think that we know from, was it the survey we did for Dell or was a survey we did for Cisco, remember the importance of security ranked by senior executives was at the very top of the list.

Fred McClimans: Yeah, so that was a collaboration tool, actually. That was the study we did with that with Cisco across the board, collaboration tools, security, security, security, security in there. It doesn’t always translate into practical application because as we found this summer in a follow-up to that Cisco study where you looked at organizations and how they were addressing the sudden home from work employee. Significantly, I think it’s 35% close to 40% of organizations were saying, look, our solution to this right now is just let the employees use whatever they want to use. We’ll even pay them for it. They can just use it, then we’ll deal with the implications after the fact. And that’s like driving your car, parking it alongside the middle of the street and going, hey, everybody, I’m going to leave the keys here on top.

Shelly Kramer: Whatever happens, happens.

Fred McClimans: Whatever happens, happens. Yeah.

Shelly Kramer: Yeah. It’s crazy. Well, all right, Fred, it’s been always a pleasure hanging out with you and this topic is fascinating. It’ll be really interesting to see what transpires here. I think the one thing that we didn’t note was that huge props to FireEye because it was in the process of investigating their own cybersecurity incident, after looking through 50,000 lines of code, that led them to discover this. And then they alerted the government. And so massive props to FireEye.

Fred McClimans: Actually, FireEye and SolarWinds for being upfront about this and reaching out proactively and Microsoft as well, their security team that has been working on this with those organizations.

Shelly Kramer: That’s great.

Fred McClimans: Kudos to them for finding this threat and bringing it public quickly.

Shelly Kramer: Well, we’ll see. I’m sure there’s way more that’s going to come up as a result of this and we’ll be looking at it, but for everybody hanging out with us today, thanks so much. It’s always great being here and Fred, it’s great sharing time with you and we’ll be back again soon.

Fred McClimans: All right. Thanks, Shelly.



Author Information

Shelly Kramer is a Principal Analyst and Founding Partner at Futurum Research. A serial entrepreneur with a technology centric focus, she has worked alongside some of the world’s largest brands to embrace disruption and spur innovation, understand and address the realities of the connected customer, and help navigate the process of digital transformation. She brings 20 years' experience as a brand strategist to her work at Futurum, and has deep experience helping global companies with marketing challenges, GTM strategies, messaging development, and driving strategy and digital transformation for B2B brands across multiple verticals. Shelly's coverage areas include Collaboration/CX/SaaS, platforms, ESG, and Cybersecurity, as well as topics and trends related to the Future of Work, the transformation of the workplace and how people and technology are driving that transformation. A transplanted New Yorker, she has learned to love life in the Midwest, and has firsthand experience that some of the most innovative minds and most successful companies in the world also happen to live in “flyover country.”


Latest Insights:

On this episode of The Six Five – On The Road, hosts Daniel Newman and Patrick Moorhead welcome Intel’s Jim Johnson and Acer’s Jerry Kao for a conversation on Intel’s largest client architectural shift in 40 years and what makes this shift so exciting for the future of AI-ready PCs.
The Six Five Team discusses the HP Foldable 17" PC.