Nicole Perlroth
Podcast Appearances
But in stepped Amazon and Google and Cloudflare, and they were able to mitigate the onslaught. Russia did get into Ukrainian power stations, but security experts and private industry and Ukraine's cyber defense agency and our own detected the malware before it was time to detonate, and they rooted it out. That is cyber resilience.
Here's Heather Adkins, who you may remember from our first episode as a founding member of Google's security team. You cannot prevent everything.
A big part of this is gaming out the worst case scenarios. Resiliency is taking stock of your crown jewels and all of your dependencies. It's asking yourself one simple question. What is my one thing? The one thing that if it were to be taken or degraded would be game over for you. And then it's asking, how do I wrap that asset with as much protection and redundancy as possible?
Your answer to this question will vary depending on whether you're answering it as an individual or as a professional. As a mom, my one thing might be photos of my kids as babies, letters from deceased relatives. So I do what I can to prevent those from getting hacked. I use MFA. I use a password manager. But resilience is accepting that they might be stolen or that I get hit with ransomware.
So I also back them up on hard drives and keep those offline. I print those photos out. I make copies. These days, it only takes 15 seconds of a voice recording to be used in a deep-faked phone call. So, I have individual code words with my kids. If they call me in distress, my first question will be, what's the code word? As a journalist, it was very different. My one thing was my sources.
So in the most sensitive cases, I took those conversations completely offline. I met in person. I didn't drive to meetings in my car, which is now a smart device. I didn't take Uber. I didn't even bring devices. I used pen and paper and I made my notes unintelligible to anyone but me so that if or when anyone got a hold of them, it wasn't all-out compromise.
That same thinking and vigilance should guide companies. There's a line I think about a lot from Andy Grove, the former Intel CEO: only the paranoid survive. You should absolutely do everything you can to prevent the breach, but perfect security is a pipe dream. So you need to think long and hard about what happens when they do get in, because the odds are they will.
So you need to make sure the compromise of one account, one supplier, one pipeline doesn't lead to a whole nation shutdown. You have to run tabletop exercises starting from hour zero through however long it takes to get you back up and running. And you need to do this repeatedly until it becomes second nature to you, to your company, to our culture.
I do think it's vital for each of us to be more aware, more vigilant, but I wanna be realistic here. Saying that one individual alone can gird themselves against the full might of a major world power is absurd. It's like saying that one person's decision to use a single paper straw is going to resolve climate change.
You should absolutely be changing the default password on your home router, using MFA where you can, but that's not going to do any good if router makers keep shipping us devices with gaping holes in them, then refusing to service those devices with patches or other technical support once they reach end of life. That's on them.