In this episode of Breach Ready Dialogues, Agnidipta Sarkar, Chief Evangelist at ColorTokens, sits down with renowned cybersecurity analyst Richard Stiennon to unpack what really happens during a breach: the chaos, the scramble, and the hard truths organizations face.
From recent attacks impacting JLR, Qantas, and Marks & Spencer to insights from RSA, Colonial Pipeline, and OT environments, Richard draws on 25 years of experience discussing breach readiness, zero trust, OT security gaps, supply-chain compromises, and why microsegmentation is becoming non-negotiable.
If you want real-world lessons on cyber resilience from one of the industry’s top voices, this episode is a must-watch.
For more resources, visit: https://colortokens.com/media-hub/
Agnidipta Sarkar: [00:00:00] Hi everyone. This is Agni welcoming you once again to breach study dialogues. I have Richard here. Uh, you all know about me, but I’ll let him introduce him about himself. To me. He’s a guru who knows a lot about how things are happening around us and how breaches are affecting our daily lives. Richard.
Richard Stiennon: Thanks Agni. So I’m Richard Steven, I’m a industry analyst. I’ve been covering this space for 25 years. Um, and I try and track, uh, the entire space, every single vendor and every single product in the space. So you can ask me later how I do that.
Agnidipta Sarkar: Yeah, that, that would be looking at the catalog of the back, but you know, just so that you know, even I subscribe to it Harvest.
Agnidipta Sarkar: So I, I follow you, I read whatever you write and, and all those are very interesting. But, uh, I, I think if we are gonna talk about breaches, I, I, one of the things that I believe you’ve got [00:01:00] extensive experience on are. What happens during a breach? What’s the effect on organizations? How it impacts their, uh, daily work?
Agnidipta Sarkar: How it, how, what kind of, you know, influence does it have on stakeholders and stuff like that. So, yeah. The, the recent, uh, one that comes to my mind, and I think it’s hot of the press for everyone else, is what happened at, uh, Jayla ar, Cantas, marks and Spencer and stuff like that. What’s your take?
Richard Stiennon: Yeah, so I mean, when you see a breach, especially one that’s, uh, ransomware based, um, plus ex distort.
Richard Stiennon: Uh, it kind of tells you something about the organization, right? That they succumb to something that is pretty easy to see when it’s happening and pretty easy to limit the damage. But when organizations report billions of dollars of losses ’cause of lost business and having to. Shut down storefronts, et cetera.[00:02:00]
Richard Stiennon: Um, to me it’s, it’s a black eye for the IT and security departments for those organizations. I don’t want to be in the position of victim blaming, but there are many, many organizations that never have breaches and they’re doing something different than Marx and Spencer and the rest of those retailers.
Richard Stiennon: So, um. You know that that’s my, my first take. But internally, when a breach happens, um, I’ve seen it over and over again. There’s a mad scramble. There’s befuddlement, there’s like, uh, we don’t even know what happens. Uh, who do we call? All of these things, all these questions that could be answered well before the breach.
Richard Stiennon: And it’s part of what resilience means to me anyways, is have a response plan in place already. You should know who to call. Um, and certainly, you know, if you have an IT security department, that’s great, but I remember the CIO of, uh, colonial Pipeline here in the United States. Um. Didn’t have anybody to call.[00:03:00]
Richard Stiennon: Right. She was engaged in conversations with her IT department and the networking team. Um, they didn’t have a security team. They had, they had somebody in charge of the CyberArk solution, and that was about it. So. Um, the, it’s that befuddlement that goes on, and the lack of accurate communication with people that are impacted, customers or stakeholders, uh, is another sign that they really didn’t have a plan in place in the first place.
Agnidipta Sarkar: Yeah, and, and you’re absolutely right. The, the worst part is there are no books about this. There is no current, uh, there are no, no descriptions of. What should really be done in the first hour, first six hours, because people who have gone through that have not yet gone on and written, um, books, uh, about it.
Agnidipta Sarkar: I mean, I wish, [00:04:00] in fact,
Richard Stiennon: I, I was writing a book called, uh, cyber Defense. I was under contract to complete it. And so I went and interviewed the CISO of, um, RSA security, or he was actually C-S-O-C-I-S-O for all of EMC that owned RSA security about the 2010 breach, uh, that they suffered. Um, so it made a great story.
Richard Stiennon: I’ve never published the book, so I haven’t published a story. Um, but basically, you know, in a early, in a, you know, Monday morning kickoff meeting, uh, for the team, everybody discussed what they’re seeing and stuff like that. And one person said he saw unusual network activity. Another person said he saw unusual activity on a server.
Richard Stiennon: That was enough for them to go, there’s something going on. Let’s dig into this. So they spent the next couple days watching the attackers get a foothold [00:05:00] to, uh, progress traverse across their network and target what they’re after. What they’re after was the secure seeds for secure ID tokens. So these super secret seeds, uh, were all you needed to basically reverse engineer.
Richard Stiennon: A little, uh, uh, token. Yeah, a token from RSA and there was, they brought in a outside, uh, uh, expert and he was in there watching everything going on. And then he, when he saw them actually exfiltrating the file, which I’m not sure if it’s the case, but in my mind there’s a spreadsheet. That was unencrypted and very large one ’cause they had millions of, of, uh, rows and he saw it being exfiltrated and he hit a big red button, literally that shut off network access for everybody.
Richard Stiennon: So he stopped the exfiltration in process. Uh, so it must have been a really big file to give him that much human reactive time. And it was funny because ours has. [00:06:00] Um, public, uh, facing communication and their formal communication to the Security Exchange Commission was that, uh, you know, this isn’t, you know, this happened, but don’t, our customers don’t need to worry about it because the likelihood is very, very low that something will be done with.
Richard Stiennon: That information was stolen by Chinese hackers. By the way, PLA was, uh, the one that was attributed this to, this was attributed to. Well, six weeks later, Lockheed Martin stopped an attack that used a spoof, RSA secure ID token. And that really got me thinking because like how in the world could you possibly do that?
Richard Stiennon: And how that, and that’s where most people’s security, um, implementations of layers of security stop. Is, Hey, we’ve, we’ve implemented, you know, hard tokens. Uh, we know the 80,000 people who own those tokens we’re done. If they log in, [00:07:00] it’s good. And yet they detected that somebody logged in with a spoof, uh, secure ID token because they’re monitoring, you know, location and time of day and all that stuff.
Richard Stiennon: So, kind of the very first instance of what we now call zero trust. So it is phenomenal story and, and those are examples of companies that are at the top of their game. Both RSA and, and Lockheed Martin are A players, right? Nobody’s better than them.
Agnidipta Sarkar: Yes.
Richard Stiennon: Yeah. So the rest of the world, marks and Spencer in particular, not there.
Richard Stiennon: Right. They’re still fighting the battles of justifying multifactor authentication and, and segmentation and, you know, all and all the things that we, we all know you should be doing. And they’re still fighting the battle to get the attention.
Agnidipta Sarkar: Yes. And what you said just now actually got me thinking a little bit more.
Agnidipta Sarkar: ’cause you talked about the RSA. Event. And [00:08:00] that was the time when, once that incident happened, um, and people realized there was the widespread panic because they didn’t know. And, you know, we were not in the same place in the world as we are in 2025 today, but at that time, um, there was panic and, and so it is today.
Agnidipta Sarkar: I mean, uh, if, if you look at it, attackers are not only attacking companies, uh, like Mark and Spencer, JLR, they’re spreading into ot. And, uh, that’s another area. Um, you, you’ve been in Gartner as well, and you’ve been, you’ve been analyzing these things. You’ve been talking to CISOs. Where do we see we stand today and versus where we could go tomorrow, um, with respect to ot because, uh, you know, like you said, uh, people are still scrambling to do, let’s say, microsegmentation or some other foundational technology in place, EDR and stuff like that, but.
Agnidipta Sarkar: OT is a different ball game altogether, [00:09:00] and
Richard Stiennon: Yeah. Yeah.
Agnidipta Sarkar: Like you said, the news comes out. We’ve had an unprecedented attack and we’ve shut down our operations,
Richard Stiennon: and I view OT as being about 10 to 15 years behind. Uh, IT security and at the, so right now they’re at the stage of, oh, there are conferences about it.
Richard Stiennon: That’s good. As there were about IT security 25 years ago. Um, and, but there’s no b no budget, right? Because, uh, OT is on the, you know, if you think about the manufacturing side, the production side, the, the build, the thing that we sell side, um, therefore it gets. Uh, scrutinize for impacting margin. And, uh, or slowing things down.
Richard Stiennon: Can’t have that happen ever in ot, um, or disrupting operations. So you can’t, there aren’t as many security controls that you be that can be put in place. You can’t say, oh, let’s [00:10:00] put, uh, some sort of, uh, filter, uh, the traffic inside the network Can’t ever do that, right? Because the first of all, the, the creator of the filtering tool, you know, whatever security company it may be, um.
Richard Stiennon: You can’t have the knowledge it needs to know what’s good and what’s bad inside your network. And it’s one more point of failure and you can’t introduce a point of failure that will shut down, you know, plant or power grid if that particular product stops working. Um, so it has, if anything, it has to fail open.
Richard Stiennon: Uh, we used to have firewalls that did that where we distrusted. Putting something on the network so much that we require that they failed open. So the attackers would just make them fail and then they’d be open. Um, that’s the way it is in OT today. So very, very hard to get budget. Uh, very expensive To do something, you have to create, uh, passive listing tools.[00:11:00]
Richard Stiennon: You have to make decisions based on what they see. Uh, so they’re, you know, they’re gonna be taps, they’ll be outside the network. We rely a lot on a network. Um, separation, not segmentation, right? They’re totally flat networks inside the plant, right? You completely know. No ever, no other better example of a flat network than a manufacturing facility or a power grid for that language is, or
Agnidipta Sarkar: hospitals.
Richard Stiennon: Or Hospitals, oh my gosh.
Agnidipta Sarkar: Different area altogether. I mean, they have an expert machine on the same wifi network. Connect,
Richard Stiennon: yeah, the nurses station and the the CT scanner all on the same note.
Agnidipta Sarkar: Yeah. And
Richard Stiennon: so, um, and so it’s gonna take a lot of heavy lifting to get them into, you know, just up to speed with it.
Richard Stiennon: Security, it’s gotta happen. Right? And the, the attackers generally don’t have as much motivation, right? If you look at, as I have for 25 years, you’ve looked at the. Uh, [00:12:00] the, the threat scape and it’s predominantly, uh, uh, financially motivated, right? People are gonna do things, make fun. Uh, it started as, uh, you know, completely a hacktivist thing.
Richard Stiennon: We’re gonna hack you because you’re using windows and we’re gonna demonstrate the windows is horrible ’cause you should be using Linux. That was kind of the basis of all hacking 22 years ago. Um, but then the Russian business Network. Spinoff from the KGB figured out a way to turn it into a business model, uh, malware and exploits into a business model.
Richard Stiennon: And that created this, this economy for attackers. So that’s 99% of what we face. Unfortunately, the 1% of what we face are the most sophisticated attackers in the world. They’re the national security agencies of major countries. Um, and just as an aside, it could be a minor country. You know, there’s very little investment needed to have a crack hacking thing working for you.
Richard Stiennon: So a little tiny [00:13:00] country anywhere in the world could get whatever top marks as hackers. But luckily doesn’t, doesn’t work that way very generally. Or they’re so good we don’t know about it. Um, but that 1% are the sophisticated ones and they do wanna disrupt activity if. Uh, certain cause is needed for it and thus the um, uh, the Russian military intelligence, the GRU has been consistently attacking Ukraine for, um, at least 15 years.
Richard Stiennon: Um, and taking down their power grids, uh, shutting down, you know, most of their operations would not pet you the most damaging attack in history, um, and targeted at, at uh, uh, Ukraine, and particularly what it just spilled over into the rest of the world. And, uh, those disruptive attacks are what we have to worry about, and that’s, it’s the hardest thing in [00:14:00] security is to prepare for things that have never happened because you can’t get your stakeholders to give you the money to do that.
Richard Stiennon: They would rather take the risk. And they put, and believe it or not, in their heads they’re thinking, well, it’s okay if we go down ’cause everybody else will go down too. So nobody will point a finger at us as being bad. Right. But eventually you, you get the ball rolling and a few people don’t suffer the breach.
Richard Stiennon: And therefore they define best practice and everybody else is liable for not following best practice and they could lose their jobs or get sued or go out of business. Uh, it’s a funny psychology and we’ve been through that in the world of IT security, you know, banks have been through that and been law cases, you know, demonstrating that, you know, certain banks weren’t following best practices and therefore they lost the lawsuit.
Richard Stiennon: Uh, that’s gonna happen in OT too. It’s just that you’ve got a huge cohort of, uh, organizations, particularly in utilities that [00:15:00] can work together. They can collude, right? They, they’ve got meetings and they can decide that nobody’s gonna do anything until they allow us to raise our rate. It’s for a utility or, uh, or pay us to do something to make us more secure.
Richard Stiennon: ’cause we’re a national security concern. In the meantime, we’re not gonna do anything. We’re gonna just let all of our power distribution and transformers just sit there, uh, until there’s an attack. And even then, uh, we’re not gonna be liable because, you know, we’re a, a kind of co uh, monopoly sponsored by the local government.
Agnidipta Sarkar: Actually while you were speaking on, on these issues. And yeah, they, they make a very valid argument as to, uh, why OT industries or rather OT businesses should be now thinking of investing in cyber defense and cyber resilience. And probably trying to, [00:16:00] like you said, they’re separated, not segmented, but they should start thinking of.
Agnidipta Sarkar: And segmenting maybe, um, kind of thing like separating what could be, uh, critical infrastructure versus, uh, others that are more tolerable in terms of risk. But that brings me to, um, something that has been happening. Uh, in the US because I was reading about the fact that there’s a new thing that’s coming up called C-S-C-R-C now I think May, 2026 is when they’re going to come up with that regulation.
Agnidipta Sarkar: But before we go there, how has been the impact of the SEC requirement now to report cyber attacks and the material impact of cyber attacks in the us?
Richard Stiennon: Well, it means, um, CISOs are lawyered up. Um, they do, they do take, uh, uh, more of a concern for their personal liability. Um, and companies too, you know, lawyering up.
Richard Stiennon: I think it’s, it’s helped. [00:17:00] A little bit to, you know, make the CSOs job, you know, selling security easier. I think, uh, and, and I, I can see where you’re going with this. That will help on the OT security side, the only trouble is the CSOs. Traditionally hasn’t been responsible for all the, all the plant manufacturing and all the rest.
Richard Stiennon: Um, so they get, you know, more pushback from operations people than they do from anywhere else, right? It’s like, oh my God.
Agnidipta Sarkar: Can’t,
Richard Stiennon: don’t drop that on my network. And yeah, we made a decision a long time ago to standardize on Windows for robots. Um, and, and, uh, but you can’t put an EDR solution on our robots, right?
Richard Stiennon: ’cause that could slow us down. So we’re just gonna let them, you know, get full of crap as, as they do. Um, and that’s, that’s super problem for the cso. I think it’s not until OT people, um, [00:18:00] one experience firsthand, uh, breaches and disruptions caused by glitches that. Maybe they’re not, um, you know, attacks as much as they, they just happen.
Richard Stiennon: Uh, but when they realize what could happen if a worm got loose inside their network, then they’ll start to get serious about things like micro-segmentation and resilience.
Agnidipta Sarkar: Actually, that, um, I, I have an opinion on that and that is, um, coming from my own experience as a cso and is that. I’ve come to realize that there are differing views on the IT side and on the OT side, and there are both complaints on both sides that they don’t understand each other.
Agnidipta Sarkar: And I think that’s probably one of the areas that we should be working first is to bring everybody on the same table because at the end of the day, the liability of the cyber attack, like you mentioned in earlier when we were talking about it, is an impact on [00:19:00] everyone. Yeah, I mean the OT is equally impacted as the CISOs impacted.
Agnidipta Sarkar: Currently, as you said, CISOs are lawyering up good for the CISOs, but what happens to the guys who are on the operations side if, if it is found that they’re SU supposed to do something and they didn’t do it, figure the regulation, even the organization prepared to come after them. And that’s not a good thing to happen.
Agnidipta Sarkar: At the end of the day, all of us today are defending the enterprise, but that brings me to my last point, and that is. The current happening around the world is about supply chain. I mean, in the, in ot, in it, in banking, everywhere we have supply chains, I, I know that, um, getting the suppliers aligned on a single way of working or, or not ensuring that attacks in their enterprises comes into our enterprises.
Agnidipta Sarkar: It is continuing to be a challenge, but I I, I would love to, you know, learn from you, uh, or your take right [00:20:00] on, on supply chain attacks because you’ve been around for a very long time and you’ve seen, this is not new. I mean, supply chain attacks have been for a very long time. It’s just that the, the consequences are beginning to be different now.
Richard Stiennon: Right. Yeah. The, the first, uh, uh, recorded supply chain attacks, actually there’s two. One was called the, uh, the, uh, Mandarin chip attack. So in the development here in Michigan of the, by the way,
Agnidipta Sarkar: that was the, that was the reason I joined my cybersecurity.
Richard Stiennon: Really?
Agnidipta Sarkar: Yes.
Richard Stiennon: Really Cool.
Agnidipta Sarkar: Cool. Yes. Very good. That, that’s what inspired me saying that.
Agnidipta Sarkar: Okay. I think I can make a difference here.
Richard Stiennon: Yeah.
Agnidipta Sarkar: Go ahead.
Richard Stiennon: Awesome. So the ME,
Agnidipta Sarkar: my audience would love to know about that.
Richard Stiennon: Yeah, yeah. The M1, A one tank, uh, the Abrams tank, of course, is, uh, the US’ uh, most sophisticated battle tank built for the Cold War. Right? You know, it was actually built for land war in [00:21:00] eastern Europe, right?
Richard Stiennon: So the ones that get deployed Ukraine right now are finally actually being used the way they’re meant to be used, uh, and for the same purpose and fighting the same enemy. Um, the, uh, somebody local, I’ve actually. Talk two was, uh, looking at the, uh, chip require or the motherboard requirements for the M1 A one, uh, tank.
Richard Stiennon: And he found a chip on the, on the production board that wasn’t in the original designs, and that chip was able to change the fuel flow. Uh, to the engine, if the rubs per, per minute went over too high a range, uh, basically, and it had wifi capability. In other words, it gave the attacker suspected to be China.
Richard Stiennon: The ability, if they were ever in battle with us tanks to slow ’em down to like 10 miles an hour in the field. And that’s the famous, is it Mandarin or Manion Tank? I think [00:22:00] it’s Venturian chip there. And there’s other, uh, instances. Yeah. In there are other instances like that, the, uh, farewell dossier, uh, which is only documented on, um, the CIA’s website.
Richard Stiennon: So I take it with a big grain of salt, right? It could just be a complete fiction. Tend to think it is, but the, uh, story went, it was reported in the New York Times that there was a massive explosion in Siberia. And it looked like it was so bright. It looked like a, a, uh, nuclear explosion and a, um, operative, uh, in the White House.
Richard Stiennon: Told everybody, Hey, calm down. Wasn’t a nuclear explosion. It was us. We did that. And this is, we’re talking, I don’t know, maybe 19. Let’s see. Reagan was president, so 1980 kind of timeframe. And, uh, that story went that they had because of a, uh, uh, top, [00:23:00] uh, because of a high level a GB official turning and giving evidence and information to the French, uh, that was communicated to Reagan and, and Bush later, that they had all this information, including the targets that they were, that the Soviet Union was after.
Richard Stiennon: And the types of information, the shopping lists. So they knew the shopping list included, uh, Western Tech for, uh, pumps for pipelines. So they, uh, worked with a Canadian supplier of the patrol systems for those pumps and placed a Trojan horse on them so that when they’re shipped to the Soviet Union and installed, they could remotely or impact it.
Richard Stiennon: Similar to, uh. Uh, the way that Stuxnet worked, right? And they claim responsibility for that. I have been doing research and first of all, the, the person who, [00:24:00] uh, had the story and told the story over and over and is credited with the story on the CIA’s website, uh, fell to his death during the, uh, younger Bush’s administration because he objected to the yellow cake theory.
Richard Stiennon: He fell to his death off a seventh story balcony. Where he was living at the, uh, Watergate Towers, which is, you know, an apartment complex, which is famous, of course, in Washington DC so that’s suspicious. Um, but anyways, the, there, there’s no, you know, spike in gas prices that occurred at that time that should have occurred if a major pipeline was blowing up.
Richard Stiennon: So could all be fiction. That said, the idea is. Totally legitimate. We all know this could happen. We’ve seen it happen with stuck net. Um, uh, and then fast forward over the years, we’ve watched, um, the flame attack, which was a NSA built attack that had to. Uh, uh, [00:25:00] basically, you know, spoof, a hash of a software update from Microsoft.
Richard Stiennon: Scary, scary concept that the NSA can push the software update to an end point, and the endpoint says, okay, fine. It’s signed by Microsoft. It must be good. A, um, the, I already mentioned, uh, Matt Petya, right? The most devastating attack ever. That was a software update. There’s a accounting software package in Ukraine.
Richard Stiennon: Called Meoc and the GRU or the SRVI think it was, uh, no, GRU in infected it and changed this offer so that when it was updated, it was turned into a worm and spread throughout the world at the time. And then of course, the one, that
Agnidipta Sarkar: iPhone thing that happened very recently. Yeah,
Richard Stiennon: yeah, yeah. Saw Typhoon. Um, and then you’ve got, uh, solar Winds, which was kind of the wake up call for us csa.
Richard Stiennon: They got all excited about that
Agnidipta Sarkar: and driving to a point the, sorry I [00:26:00] interrupted. Sorry. That’s okay. That’s fine. What I was saying is the recent ones that are happening are more about, um, the help desk, you know? Right. Overall, the help desk to respond to and to, you know, reset passwords. Do you think? That if someone were to design their enterprise so that these suppliers of the help desks are in a different micro segment versus the assets For sure.
Agnidipta Sarkar: Would that help? I mean, because
Richard Stiennon: I think so, yeah. Any, any segmentation helps that for sure. Uh, where there’s a concentration of power, right. And capability and controls, uh, like the help desk has. Then that’d be a great place to do microsegmentation for sure. And mind you, um, there are other attack vectors.
Richard Stiennon: There’s still the software update attack vector. SolarWinds was one of those. Eros. Another one. Yeah. Um. And the, the, I’m very concerned about the software update, right? Because the, the [00:27:00] US government’s, uh, regulatory approach in CSUN in particular is, oh my gosh, all of the software suppliers have to become perfect at software development and secure CIC cd.
Richard Stiennon: And that is never gonna happen. You know, it’s easy for me to say this, ’cause if it ever does happen, I’ll be, you know, dead and buried. For a hundred years when it does happen, um, you cannot get software developers to develop their software perfectly securely from day one, right? They first, they have to have a product that people buy, and then they have to grow big enough to be concerned about the damage that could happen if the product is infiltrated.
Richard Stiennon: So I firmly believe the answer is to be better at. Uh, investigating sandboxing testing software updates before you install them. You do not want to be, uh, Delta Airlines that automatically accepts CrowdStrike updates. And then what? That’s insane. You know, at the very least, you don’t wanna [00:28:00] be patient one, and you don’t wanna shut down airports.
Richard Stiennon: Um. Just crazy. I mean, crazy that they have a
Agnidipta Sarkar: numerous, but I think that’s also to sue
Richard Stiennon: somebody.
Agnidipta Sarkar: But is it also not an operational challenge to be, um, I mean, it’s a, it’s a fine balance. You want to update yourself on time. You don’t want to update yourself on time because you could be patient zero, like you said.
Agnidipta Sarkar: So it’s a fine balance. And, and as you said, uh, the other time that, that, you know, people want to get into a stage where they say, okay, we’ll deal with the effect when we come to it. Uh, some people approach it like this is,
Richard Stiennon: that’s
Agnidipta Sarkar: exactly
Richard Stiennon: where we’re at.
Agnidipta Sarkar: And, and yeah. And, and that, that’s what I’m saying. I think because I, I am a firm believer that if there was any way that people were able to limit the effects of one disturbance, one disruption.
Agnidipta Sarkar: Into one part of the organization. I mean, those organizations [00:29:00] who still have itt, OT separated sometimes have a benefit of ITO OT being separated because the cyber attack, you know, probably wiped out, ran, put a ransomware on the IT network with OT kept on working. Uh, in hindsight that was a good thing, but then there was a bad thing that.
Agnidipta Sarkar: Because they don’t have it. OT connected, they’re not competitive enough and you know, industry 4.0 just went by and now they’re thinking of how much do I need to invest in industry 5.0? Should I not go there? So, you know, it’s a, you. Yeah, it, it’s a balance that probably you need to and get onto, and it’s a difficult question.
Richard Stiennon: Yeah. Yeah. Colonial Pipeline’s a great example because they actually were separated and they didn’t actually have any operational impact at all from the ransomware that they suffered. The only problem was they didn’t have visibility either, so they didn’t know. So that’s why they shut their pipeline down because it, it could have been better than, so it’s, it’s good to have the [00:30:00] observability.
Richard Stiennon: So at least you can answer the question, was OT impacted? And if not, keep the trains rolling. Keep the gasoline pumping.
Agnidipta Sarkar: I think, uh, you have another meeting where I’m a little cognizant of time, but
Richard Stiennon: Thank you. It
Agnidipta Sarkar: seems like, um. This is not enough. I would love to talk to you again because I, I know inside your head there’s so many stories that the world needs to know.
Agnidipta Sarkar: But thank you for being on Breach Study Dialogues and I will connect with you once again and we’ll have another session if you’re okay with it.
Richard Stiennon: Perfect.
Agnidipta Sarkar: Thank you, Richard. Thanks.
