The SolarWinds attack reminded everyone that the U.S. government, major corporations, and small businesses can all fall victim to sophisticated supply chain attacks. What went wrong and how can we limit the impact of the next attack?

In Non-Compliant Podcast Episode 29, Host Jay Edelson, nationally recognized plaintiff’s attorney and founder of Edelson PC, and Guest Shawn Davis, the firm’s Director of Digital Forensics and leader of the firm’s tech investigations team, discuss the SolarWinds hack, vendor cybersecurity, geopolitical fall-out of cyberattacks, and what everyday companies can do to up their information security game.

To start the show, Jay and Shawn breakdown the wide-scale SolarWinds hack that targeted major government institutions, Fortune 500 companies, and many other businesses throughout industry (4:05). The attack shows that even well-regarded vendors like SolarWinds are prone to nation-state cyberattacks due to the wealth of highly sensitive information and access their customers hold (7:25).

Jay and Shawn continue their discussion on SolarWinds and why the attack highlights the potential dangers and risks of trusting third-party vendors (8:58). Shawn explains how the hack worked and how the attackers launched a broader attack through the Solarwinds updates, but then targeted specific valuable targets like Microsoft and the Department of Homeland Security for further compromise.

Next, Jay and Shawn turn their discussion to the difficulties of attributing a cyberattack to a nation-state or any threat actor (12:00). Shawn explains that sophisticated nation-state attackers can easily mimic where the attack is coming from and often are familiar with the coding and hacking styles of other foreign adversaries. Shawn further divulges that human intelligence can be one of the best ways to figure out who is behind a foreign cyberattack.

Later in the show, Jay and Shawn delve into why nation-state cyberattacks have the possibility of escalating into physical attacks that can disrupt the core of our national infrastructure (22:45). Jay and Shawn discuss that if such an attack happened, countries could escalate the situation to full-out kinetic warfare (26:20). That’s why many nation-states limit cyber-activities to gathering intelligence, steal trade secrets, and influence elections.

To wrap the show, Jay and Shawn discuss why physical security – such as protecting laptops– is just as important as limiting online threats (31:35). The human element is important as many in the C-Suite often don’t follow the rules they set out for their own companies (34:45). Shawn further shares his best practices for any company trying to limit cyberattacks and why information security should always remain top-of-mind (37:35).

If you liked the show, please subscribe and leave a review. You can also send us an email at podcast@edelson.com with any questions or for guest booking.

Connect with us:
Website: https://www.edelsoncreative.com/#podcast
Facebook: https://www.facebook.com/edelsonlaw
Twitter: https://twitter.com/EdelsonCreative
LinkedIn: https://www.linkedin.com/company/edelson-pc

Connect with Shawn:
Twitter: https://twitter.com/sd24801
Edelson PC Profile: https://edelson.com/team/shawn-davis/

Recent Non-Compliant Podcast Episodes:
Non-Compliant Podcast Episode 26: https://podcasts.apple.com/us/podcast/non-compliant-podcast-episode-26-one-where-we-talk/id1491233296?i=1000507385902
Non-Compliant Podcast Episode 25: https://podcasts.apple.com/us/podcast/non-compliant-podcast-episode-25-one-where-we-talk/id1491233296?i=1000506637686
Non-Compliant Podcast Episode 24: https://podcasts.apple.com/us/podcast/non-compliant-podcast-episode-24-one-where-we-talk/id1491233296?i=1000505141465