Inflection Point: The $84M Fall of Stoli
The fall of Stoli (the vodka maker) shows how cyber-attacks can push struggling companies over the edge.
Here’s what happened: In August 2024, Stoli got hit with ransomware. The attack knocked out their enterprise resource planning (ERP) system. They had to switch to manual operations for everything; even basic accounting.
Now, four months later, two U.S. parts of Stoli (Stoli USA and Kentucky Owl) have filed for bankruptcy. They’re $84 million in debt.
But the ransomware attack wasn’t their only problem.
Putin’s government labeled Stoli as “extremists” because they helped Ukrainian refugees. Then Russia seized Stoli’s last two distilleries there, worth about $100 million.
The ransomware attack made everything worse because:
??They couldn’t give their lenders up-to-date financial reports
??The lenders said Stoli defaulted on their loans
??The lenders cut off their access to more money
??Manual operations slowed everything down
??Their systems won’t be fixed until early 2025
What’s the lesson here?
Cyber-attacks that hit companies already dealing with other big problems often can be the final push into bankruptcy reorganization, or put them out of business permanently.
Think about it: Stoli was fighting Putin, dealing with seized assets, and managing debt problems. Then ransomware hit. Game over.
This pattern keeps showing up. Here are three examples that all closed after ransomware struck:
The message is clear:
Don’t wait until you’re struggling to get serious about cyber resilience.
Click "comment" and tell me one thing you’re doing to avoid being the next Stoli.
I read every comment you post.
-Kip
P.S. Please forward this "Inflection Point" to someone you care about.
???????? Subscribe here! ????????
Current Podcast Episode: “Basic Legal Literacy for the CISO”
What does the CISO need to practice every day in terms of basic legal literacy? Let’s answer that question through the lens of data breach and privacy class action litigation.
领英推荐
Our guest is Douglas Brush , a court-appointed Special Master and testifying expert in high-profile litigations involving cybersecurity, information governance, data privacy, and eDiscovery.
Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities LLC, and Jake Bernstein, CISSP, CIPP/US, Partner with K&L Gates.
By the way...
Have you tried using LM Studio?
It’s a desktop app that lets you run a large language model locally.
In my case, I have it running on macOS using an M4 Pro processor and 64GB of unified memory.
That means I can allocate most of the system RAM to the GPU cores in the M4 Pro and get good performance.
The result is I can enter confidential customer data into my local LLM (never into an LLM I don’t control) and get it to help me do better quality work, faster than I can do on my own.
I’m getting very good results with Llama 3.1 Instruct (8B) and Llama 3.2 Instruct (3B).
Kip Boyle is a husband, dad, entrepreneur, and experienced cyber risk manager. He founded Cyber Risk Opportunities LLC in 2015, after seven years as the CISO of PEMCO Insurance in Seattle. As a captain on active duty in the US Air Force, he served in the Combat Archer and F-22 Stealth Fighter programs where he was the director of enterprise network security. These days, he serves as virtual chief information security officer for many customers, including a professional sports team and fast-growing FinTech and AdTech companies. Over the years, Kip has built teams by interviewing hundreds of cybersecurity professionals. And now, he’s sharing his insider’s perspective with you!
113 Cherry St #92768, Seattle, WA 98104-2205
Zero Trust Facilitator Speaker ZTX|ITIL|xBTGlobal|xIBM|xMicrosoft|xBMC Founder/ CEO Chief Excitement Officer| Mentor | Vendor Agnostic
1 个月Excellent content. We are often fascinated with the bounty numbers that ransomware grabs however the postmortem is equally if not more devastating. I enjoy peeling back that onion and truly understanding the human element.
Protecting businesses with end-to-end cybersecurity and managed IT infrastructure
1 个月If their operations for of a 100 M of their business then that would be equivalent to a physical takeover of their manufacturing operations which would not allow them to operate regardless of system takeover. If you don’t have a way to make product for your core business overnight by physical takeover. Then the ERP supports the supply of goods for the other half of the business it’s much worse than cyberattack. More like invading and and the distillery’s are POW. This was my first visual when I read this. This is not too far off of the business that runs on TikTok or automakers producing in those countries where that control exists. Telco ops like in Spain where half their population lost internet and phone connectivity. That could also apply if it lasted long enough. Dire for the consumer who relies on telephone and internet to show up for work. If not resolved the stock would drop and the company would lose value. No win/no win and NO WIN. Beyond a security teams control. We don’t need attacks when you can take over the entire production facilities.
Interim CISO for Regulatory and Legal Compliance | Court Appointed Neutral (Special Master) | Data Breach and Duty of Care Expert Witness
1 个月Me in DFIR and cyber assessment scoping engagements: Question 1: Tell me about your ERP system. Typical Answer: Why would you ever need to know about that, Doug? It's not a cyber risk.
Microsoft MVP | Peer group leader | Thought leader, speaker, author, consultant, trainer, advisor | founding President of the National Society of IT Service Providers | Giver to the community |
1 个月Great post
Cybersecurity Leader | Expert in SOC, Risk Mitigation, & Compliance | Driving Innovation & Resilience in Enterprise Security Operations
2 个月To mitigate such risks, companies should invest in comprehensive cybersecurity strategies, including regular system audits, employee training, and incident response planning. Proactive measures can help detect vulnerabilities early and prevent potential breaches.