By now, you’ve heard about the massive security breach at IT management company SolarWinds, one of the most significant supply chain attacks in recent history. Now that we’ve gotten some distance from the event, we wanted to recap what happened and what you can do in the future.
SolarWinds was compromised when hackers, believed to be Russian, inserted malware into its Orion network management product updates. As a result, 18,000 organizations may have installed the software and been compromised. They include the U.S. Treasury Department, the U.S. Department of Homeland Security and cybersecurity firm FireEye, which earlier disclosed a breach that resulted in the theft of its red team tools.
Such a significant breach demands introspection, because—let’s face it—every single organization is susceptible to a breach through its third parties. The question is, what do organizations need to achieve cyber resilience and recover from such incidents?
Much can be learned from this breach, as well as from SolarWinds’ response. Here are five important takeaways to consider:
1. Organizations Must Have Third- and Fourth-Party Visibility
It sounds unlikely, but it’s true: Many times, organizations are simply not aware of all of the suppliers that they are connected to. This is problematic, because in the event of a data breach, organizations must be able to quickly understand and identify all of their third and fourth parties. With this information, companies can better control the extent of the breach by rapidly warning any suppliers that may have also been exposed.
2. Organizations Must Have Knowledge of Contacts
Another important but often overlooked item to consider? Make sure you know how to get in touch with your suppliers. Keeping updated contact information for both business owners and their vendors is essential for rapid communication should a breach occur. Contact information should be checked and maintained as part of a healthy third-party security risk process. You would think it is enough to know the contact at the third party, but it’s not, because you also have to know which business owner in your organization has the responsibility for that relationship.
3. Organizations Must Create a Kill-Switch
After the SolarWinds breach was discovered, FireEye and partners GoDaddy and Microsoft deployed a kill switch against the malware, thus mitigating some of the impact of the cyberattack. Similarly, organizations should have a kill-switch strategy in place for each third party, along with documentation and knowledge about how to implement it. That strategy should be based on the context of the business relationship with each supplier.
4. Organizations Must Have Automation
When hundreds or even thousands of suppliers need to be informed about a possible breach to their systems, speed is key. The only practical way to achieve this is by using an automated solution that can rapidly alert third and fourth parties of any issues and provide steps for remediation. Simply put: If your third-party security risk program relies on manual processes, then you have a problem.
5. Organizations Must Have Continuous Information
Cyber threats are constantly changing and evolving, making it necessary to keep up with an increased number of vendor threats. In addition, companies are always changing as well, introducing new software and technologies that could be vulnerable to cyberattacks. For these reasons, it’s essential that any third-party security program includes continuous monitoring to pinpoint any possible issues.
All of these strategies are essential parts of a holistic third-party security risk management program. While we have yet to see what the ultimate fallout from the SolarWinds breach will be, all organizations would benefit from re-examining their current third-party security risk strategy and program to ensure that it is as resilient as possible.
Want to learn more about how your organization can achieve cyber resilience? Contact Panorays today.