
The malware is coming from inside the system

Protocol Enterprise

Good morning, and welcome to Protocol | Enterprise. In this Thursday's newsletter: the scary combination of supply-chain attacks and ransomware, why AT&T wants to keep some of its applications in-house despite its big Microsoft deal, and the U.K. startup that thinks quantum computing is coming home.

Also, some news about Protocol | Enterprise: As of last month, I — that is, Tom Krazit — am the new Enterprise Editor at Protocol, overseeing coverage and planning for an expansion of our team over the rest of the year. Joe Williams will continue to contribute to this newsletter and provide amazing coverage of enterprise software, and soon we'll share more details about our bigger plans. Thank you to everyone who has helped make Protocol | Enterprise such a success, and we promise it's only going to get better.

By the way: Please join us for our next Protocol Event, How To Build a Smart City, on July 13 at 11 a.m. PT/2 p.m. ET, sponsored by Qualcomm. Protocol's David Pierce will host a panel discussion on the future of the connected city with Jordan Davis, executive director of Smart Columbus; Jonathan Winer, CEO of Sidewalk Infrastructure Partners; and Jeremy Goldberg, director of critical infrastructure at Microsoft.


The Big Story

Managing the managers

For two decades, businesses have invested in interconnected IT management software. But reliance on that kind of technology is looking ever scarier as security breaches grow more sophisticated.

The fallout from the latest ransomware attack, waged through a breach of managed-services provider Kaseya over the holiday weekend, is raising new concerns about the intertwined nature of modern businesses and the companies they pay to manage their technology systems. Countless companies have embraced IT management tools and providers in recent years as they've struggled to hire good tech talent to do the job in-house.

A combination of ransomware with supply-chain attacks makes the operating model of MSPs start to look perilous.

  • Kaseya makes and sells IT management software for MSPs, and also offers those services to small and medium-sized businesses.
  • By definition, Kaseya is therefore authorized to push software updates to end-user devices, because timely software patches are considered table-stakes security measures at most corporations.
  • But judging by the last year, traditional security exploits of unpatched end-user systems seem quite dated compared to supply-chain attacks that can impact dozens or hundreds of companies through a single action.
  • REvil, a ransomware group believed to operate out of Russia, seized upon a vulnerability in Kaseya's VSA product to push out malware that locked computers around the world. The group demanded $70 million to release the unlocking key.
  • Fallout from the incident appeared to be limited in the U.S., although a Swedish grocery store chain was forced to shut down over the weekend after Kaseya shuttered its cloud services and urged on-premises users of its software to do the same in hopes of containing the damage. In total, around 800 to 1,500 businesses were affected, according to Reuters.

This is "likely the most important cybersecurity event of the year," according to Matt Tait, chief operating officer of Corellium, who wrote about the breach on Lawfare Blog Monday.

  • Supply-chain attacks have been around for a while, but it's becoming very clear how much potential they have to cause havoc at scale with just one exploit.
  • The SolarWinds attacks were damaging because they allowed attackers to cover their tracks while setting the stage for further infiltration, and while that's scary enough, they didn't disrupt normal business activity.
  • The Kaseya incident had an immediate impact, paralyzing customers who did nothing wrong and had no chance of detecting or preventing this attack: The systems they trusted to keep their IT assets protected were the same systems that installed malware on those computers.

The really scary part is the speed at which ransomware attacks on trusted supply-chain providers can ripple throughout the world. That has the potential to cause immense economic disruption.

  • Ransomware attacks on individual companies and government organizations running outdated software are bad enough as it is in 2021, and there is no easy solution other than patching software against flaws.
  • When the software-patching mechanism is itself compromised and used to seed malware to any number of third parties, the problem gets exponentially worse.
  • Businesses have been told for years to stop wasting money trying to manage IT services themselves, with the argument that they're better off focusing on their core business activity.
  • It would only take one successful supply-chain attack on a major IT vendor to cause damage on a scale we've yet to see.

And the government needs to be taking it very seriously. President Biden told reporters Wednesday that his administration expects to have more information about the attack and its ramifications later today. Cybersecurity has been a priority in the early days of Biden's term, but the scope and intensity of these attacks are only growing.

  • Businesses of any size operating on the internet must prepare for future attacks as if they're on their own, because traditional methods of mitigating security incidents won't work for large-scale ransomware and supply-chain attacks orchestrated by foreign actors.
  • The incident is also likely to increase calls for more providers to supply some sort of "software bill of materials" documentation to their customers, a supply-chain transparency proposal the Biden administration is scheduled to release more details about next week.

—Tom Krazit


We compare 5G to electricity. In the beginning, people might not have known what electricity was good for. Now it's an essential part of life. You always assume it's going to be there. That's how we think about 5G and its role in connecting everything to the cloud. It will transform how we communicate.



This Week On Protocol

Insurance not assured: Speaking of ransomware, the spate of attacks levied over the past several years is causing havoc in the insurance industry, which enjoyed profits on cyberinsurance policies until recent months. Protocol's Hirsh Chitkara takes a long look at how insurance companies are adapting to ransomware outbreaks and how they're preparing for the future.

5G turns blue: Telecom companies moved notoriously slowly when it came to adopting new enterprise tech over the last few decades, but that's changing quickly. I talked to AT&T Communications CTO Jeremy Legg about the company's decision to use Microsoft Azure for its 5G rollout, and why some workloads might never wind up in the cloud.

Five Questions For...

Jason Cohen, founder & CTO, WP Engine

What was your first tech job?

When I was 14, I earned $600 making some custom student-testing software for a professor at the University of Texas in Austin. It used a defunct Apple platform called HyperCard, a fact which will likely bring a smile to the face of anyone who knows what that is.

What was the first computer that got you excited about technology?

The TI 99/4A. I could make basic (and BASIC) programs for a Zork-like game, or weird patterns with a turtle in LOGO. It was the fact that, if I could figure out the right incantations, this machine would do anything.

If Protocol gave you $1 billion to start a new enterprise tech company from scratch today, what would you do?

I would use $1 million to $5 million to seed about 10 concepts, then use the balance to fund the few that took off. But if I were forced to invest in just one idea, I would look for a niche where I could "disrupt from below," i.e., where existing technology is excellent and widely used, but 10x more expensive than it now needs to be, thanks to advances in infrastructure and software. There are probably opportunities everywhere, but some that come to mind are sales force automation, real-time data aggregation/reporting, workforce management, FP&A and data reporting.

How can enterprise tech improve its current status around diversity, equity and inclusion?

Attack the problem by considering it a funnel that needs to be optimized at every step. Candidates entering the top of the funnel, the interview process, indoctrination into the company, performance management, compensation and promotion policies, and so on. This presents you with control points to effect change, as well as measurement points to understand current state and whether things are changing. It also suggests that the answer will not be a big silver bullet, but rather many lead bullets, applied in many areas, which is the correct way to understand how progress will be made.

Which enterprise tech legend motivates you the most?

I really like Ken Thompson. Co-inventing C would be enough of a reason, but it's also inspiring that he worked on a number of interesting things, like chess table bases and regular expressions, and of course also Go, which I also really like.

Around the Enterprise



Thanks for reading — see you Monday!
