As the Russian cyber threat heats up, it is becoming clearer that the protection of US and European national interests is increasingly in the hands of civilians at IT and software companies. American and European IT businesses that on the surface have nothing to do with the government are unwittingly serving as stepping-stones for enemy state cyberattacks and espionage campaigns. If these attacks are successful, they could not only have devastating effects on government and military secrets but also jeopardize trust in the software supply chain that is increasingly at the heart of the modern economy.
During recent months, my company, along with other large companies, including Microsoft, have seen the Russian hacking group APT29 — blamed for the massive SolarWinds cyberattack and the 2015 infiltration of the Democratic National Committee — quietly trying to gain access to large IT companies, mainly those that offer cloud-based software services to businesses and government organizations. The threat of damage looms large, especially because the agile and deep-pocketed group shows no signs of stopping.