
Details are not yet known about the full scope and extent of the cyber attack that targeted software provider SolarWinds and compromised the systems of several of the largest U.S. public corporations and government agencies, but the lessons about where vulnerabilities lurk in the third-party supply chain cannot be learned soon enough.

News of the cyber attack, believed to have been perpetrated by Russian hackers, came on December 8 when cyber security company FireEye announced that it had been hacked by “a sophisticated government sponsored attacker.” “The hackers secretly operated using methods that counteract security tools and forensic investigations. They used a novel combination of techniques that we or our partners have not seen in the past,” said FireEye.


The cyber attack stems from the third-party network management software provider SolarWinds, where hackers implanted malicious code in a software update for SolarWinds Orion products so that they could gain a foothold on the network and gain elevated credentials, according to Microsoft’s analysis of the attack. After the implantation, the software connects to a server controlled by the hackers, so that they can launch further attacks against SolarWinds customers and steal their data.

SolarWinds said in a December regulatory filing that, among its more than 300,000 customers, it expects that “less than 18,000” customers installed Orion products that contain this vulnerability. In the same regulatory filing, SolarWinds stated that Microsoft Office 365’s email and office productivity tools had also been compromised.

The vulnerability was installed in updates that were first released in March. However, a federal agency document indicates that the hackers sneaked into the system a year ago. The potential scale of the breach is alarming given that SolarWinds’ customers include 425 of the Fortune 500 companies, 10 of the top U.S. telecommunications companies, the top 5 U.S. accounting firms, hundreds of universities and colleges, and several federal defense agencies.

The SolarWinds cyber attack is far from an isolated incident. According to the 2020 Digital Defense Report, Microsoft has sent “over 13,000 notifications to customers who have been attacked by nation states in the past two years, and noted a rapid increase in sophistication and operational security features. FireEye’s recent release is in line with the attacks we’ve seen.”

U.S. federal agency systems were also compromised in the attack, forcing the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive instructing all federal agencies to immediately disconnect the affected Orion products from their networks. In the private sector, defense companies, tech companies, telecommunications companies, banks, and more are especially endangered.

The proliferation of nation-state cyber attacks like this one, and the fact that hackers’ methods are becoming more and more sophisticated, underscores the critical need for the private sector and governments to share threat activity with one another, cyber security experts said. Microsoft explained: “It requires policymakers, the business community, government agencies and, ultimately, individuals to make a real difference, and only through shared information and partnerships can we make a significant impact.”

Aside from the need for better techniques for exchanging information between the public and private sectors, answering the question “What could we have done differently?” is currently hard to pin down, says Dan Petro, senior researcher at cyber security consultancy Bishop Fox. It’s likely that this will lead to closer third-party scrutiny, he says.

“Perhaps a greater insight into what companies are actually doing to keep security up is what we insist on after this type of event,” adds Petro. There is nothing to indicate negligence on the part of SolarWinds. Until more is known about the initial penetration, it’s hard to conclude what could have been done differently, he says.

Even so, the SolarWinds cyber attack serves as an urgent warning of the need to be constantly vigilant about the threats lurking deep within the third-party supply chain, and this starts with basic cybersecurity hygiene. At the very least, organizations should ensure that they take the following measures to strengthen their own cybersecurity practices:

Get the facts right now. FireEye, Microsoft, SolarWinds, and CISA have each shared information that security industry practitioners can use to find and mitigate potential malicious activity related to the SolarWinds cyber attack. For example, FireEye has more than 300 countermeasures, designed to minimize the potential impact, for its customers and the entire security community.

Re-evaluate your cybersecurity hygiene. Businesses of all sizes should “make sure they understand where their data is, that the data is classified, that the proper access controls are in place, and that strong tools are in place for reviewing and detecting anomalies,” says Kunal Anand, chief technology officer at Imperva. “Security teams need to know at all times where their data is in all environments, how it is being used and who has access to it in order to be able to apply the appropriate controls.”

Don’t ignore Nth parties. “The software supply chain risk is far from a new concept,” says Anand. “Over the past decade we’ve seen many instances where the supply chain is tampered with and then damaged. What makes the problem unsolvable is that every company, whether it recognizes it or not, relies on a software supply chain for both in-house and third-party applications.”

As the SolarWinds hack shows, it is not only the third-party application itself that can pose a cyber threat to businesses. “It is all of the components required to deploy, run, and verify that the application is functioning, including the services and components that it interacts with,” says Anand.

At its core, the SolarWinds cyber attack sheds light on the deepest parts of the third-party supply chain that companies typically ignore for due diligence purposes. “A company may have the best security controls in the world, but that doesn’t mean the entire software supply chain does,” says Anand. The SolarWinds cyber attack shows how important it is to properly monitor not only the first-tier vendors, but also the vendors’ vendors – so-called Nth parties.

Leverage technology. To uncover vulnerabilities and cyber threats embedded in the deepest layers of the third-party supply chain and to mitigate attacks like the covert methods of the SolarWinds attack, companies must harness the power of artificial intelligence, says Jennifer Bisceglie, CEO of supply chain analytics firm Interos. This means organizations need to deploy tools that enable “predictive operational resiliency,” where they map the larger, extended third-party supply chain down to Nth parties in real time and continuously monitor suppliers. Such capabilities are simply not feasible at scale through manual, human-controlled processes, says Bisceglie.

Although there is no one-size-fits-all solution for completely preventing sophisticated nation-state cyber attacks like the one SolarWinds and its customers fell victim to, increasing the exchange of information between the public and private sectors, using AI technologies that can map and monitor the entire third-party supply chain ecosystem in real time, and following cybersecurity best practices – such as the latest guidance from the National Institute of Standards and Technology (NIST) – is a good place to start. This document from NIST includes a helpful list of cybersecurity questions to help you determine the level of vulnerability in your suppliers’ cybersecurity practices.


World News – USA – Cybersecurity Lessons Learned from the SolarWinds Hack

Source: https://www.complianceweek.com/cyber-security/cyber-security-lessons-from-the-solarwinds-hack/29855.article