The cyber attack targeting SolarWinds, a provider of network and system monitoring software, is shaping up to be one of the most significant attacks against a critical supply chain partner, with significant implications for national security. Similar to NotPetya, the attackers compromised a software provider in order to gain access to the trusted update channel. Any organization using specific versions of the SolarWinds Orion Network Configuration Manager (SolarWinds Orion) product is presumed to be at risk.
As security and risk leaders search their supply chain to determine potential exposure to this incident, BitSight seeks to provide insight into key questions regarding the prevalence of Orion in the business ecosystem and to help organizations assess risk to their own supply chain. We analyzed more than 260,000 organizations across 24 sectors to determine the prevalence of Orion software by organization size, sector, and geographic location, finding:
BitSight recommends that security and risk professionals immediately determine the prevalence of SolarWinds Orion within their organization and broader third-party supply chain in order to mitigate the risk of exposure. They should report potential exposure to senior executives and the board as soon as possible. Clear, concise language is critical for communicating risk effectively.
Details are still emerging about the SolarWinds hack and its timeline, but here’s what we know thus far. Attackers targeted the SolarWinds Orion product and inserted malware into the software update function, allowing them to access multiple targets that rely on the Orion software -- including U.S. government agencies. According to SolarWinds, nearly 18,000 of its customers may have been at risk. On Dec. 13, the U.S. Department of Homeland Security issued an emergency order calling for federal agencies to immediately disconnect SolarWinds Orion, recommending that all organizations assess their exposure. Organizations running specific versions of Orion software are potentially at risk of malicious actors infiltrating the organization through the remote update feature.
Security and risk leaders should immediately determine their exposure to SolarWinds Orion -- both within their organization and across their third-party supply chain. Even if your organization is not using Orion, business partners, vendors, and suppliers who use Orion may pose a risk to your organization.
To further understand organization and industry exposure, BitSight analyzed more than 260,000 organizations across 24 sectors to determine the prevalence of Orion software usage by organization size, sector, and geographic location. BitSight continuously collects externally observable cybersecurity performance data -- as well as critical supply chain information like software product usage -- to help organizations manage their own cybersecurity posture as well as their extended business ecosystem.
As the industry continues compiling information regarding the massive SolarWinds hack, there are three critical steps that security and risk leaders must take to protect their organizations: