Unbelievable Cyberattack: How One Man's Stress Led to a Heart Attack!
Imagine waking up one day to find your entire world turned upside down by a cyberattack that could threaten national security. Tim Brown will forever remember December 12, 2020, as the day SolarWinds was notified about a massive breach orchestrated by hackers from Russia. The implications were enormous: over 300,000 global clients, including the US Treasury and various government departments, were vulnerable to attacks.
As the Chief Information Security Officer, Brown felt the weight of responsibility as the hack unfolded, knowing the stakes were higher than just data — it was about national security. Running on pure adrenaline in the early days, he faced the unprecedented challenge of managing a crisis while navigating the complications of working from home during the COVID pandemic. With their email compromised, the entire team opted to return to the office, even as the virus loomed. “I lost 25 pounds in about 20 days … just going, going, going,” he recalls.
In an era where misinformation can fuel panic, Brown became a public figure, making appearances on CNN and 60 Minutes. “The world’s on fire,” he says, highlighting the urgent need for clear communication with clients and government agencies. The company scrambled to shift communications to Proton email and Signal, knowing that verbal reassurance was far more effective than written messages in a time of crisis.
The attack’s origin was traced back to a phone call from Kevin Mandia, founder of the cybersecurity firm Mandiant, who informed SolarWinds’ CEO that their Orion software had shipped “tainted code.” This malicious code allowed hackers to gain unauthorized access to their clients. The initial estimate suggested that 18,000 clients were at risk, a number later revised to around 100, including multiple federal agencies.
In response to this disaster, SolarWinds employed CrowdStrike, KPMG, and DLA Piper for assistance. The company shifted its focus, halting new feature development for six months and directing 400 engineers towards bolstering security. Brown emphasized that they aimed for transparency to educate clients on attack methods and vulnerabilities.
Following the incident, SolarWinds experienced a dip in customer renewals, which thankfully recovered to over 98%. However, legal challenges soon followed, including a class-action lawsuit that settled for $26 million in 2022. The SEC then filed a lawsuit against both SolarWinds and Brown himself, accusing them of misleading investors about cybersecurity protections.
While in Zurich, Brown faced a health crisis of his own. Struggling to breathe and feeling intense pressure in his chest, he discovered he was having a heart attack. After surgery and recovery, he now advocates for mental health support for employees dealing with high-stress incidents. “Stress keeps building up,” he explains, stressing the importance of addressing mental health in the workplace.
Though a settlement with the SEC was proposed, the ongoing US government shutdown has delayed approval. Through it all, Brown has remained steadfast at SolarWinds, believing it’s crucial to see the crisis through. “It happened on my watch,” he reflects, acknowledging the immense pressure and responsibility he carries.
