We’d be remiss if we didn’t start with the biggest data breach of the year — and, indeed, possibly one of the largest and most significant cybersecurity incidents ever. The SolarWinds Orion breach was a cyber catastrophe caused by foreign hackers who infiltrated government and business networks by inserting malware into SolarWinds’ software updates. For months, if not longer, adversaries were able to use this backdoor to access sensitive information, potentially from hundreds of thousands of organizations around the world. One thing is for sure: the repercussions of the attack will likely reverberate throughout 2021 and beyond.
We’ve written quite a bit about the SolarWinds Orion breach over the past few weeks. Start here to learn more about this attack and recommendations on what to do to mitigate its impact.
Speaking of SolarWinds, the Orion hack was initially discovered by cybersecurity firm FireEye — which itself was a victim of the SolarWinds incident. FireEye discovered a malware intrusion apparently emanating from Orion which it subsequently dubbed “SUNBURST.” FireEye’s hack resulted in the theft of 300 proprietary software tools.
When discussing the Orion attack in an interview with NPR, FireEye’s CEO, Kevin Mandia, summed it up in the following way: “We're a nation losing billions of dollars to ransomware, and we are a nation that just had potentially one of the most successful cyber espionage campaigns ever done on it.”
FireEye continues to investigate this incident and is working with federal authorities to track down the perpetrators. It’s an ongoing concern — and, like the Orion hack, will continue to be for the foreseeable future.
2020 started off with a disclosure from Microsoft regarding a breach that took place at the end of the previous year. As the company reported, it discovered a misconfiguration of an internal customer support database that was used for support case analytics. The server in question held roughly 250 million entries, including email addresses, support case details, and more — but Microsoft reported that “most customers did not have personally identifiable information exposed.”
To its credit, Microsoft launched an in-depth investigation into the incident, was highly transparent about what happened, and took swift steps to mitigate any damage. But the incident still shows the danger that a simple yet common error can introduce to a company and its customers.
Oracle’s Data Management Platform (formerly known as BlueKai) suffered a serious blow in June 2020 when it was discovered that an unsecured server exposed billions of records — with information including names, email addresses, home addresses, and other personally identifiable data.
This information had been collected through BlueKai’s web tracking platform, which marketers can use to infer as much about their audience as possible. According to TechCrunch, the company amassed “one of the largest banks of web tracking data outside of the federal government.” The exposure of that data certainly merits a place on this list and shows how not performing tried-and-true cybersecurity basics — like database encryption — can lead to one of the big data breaches of 2020.
In light of these attacks, it’s never been more important to develop a strong third-party risk management program. Because vendors can introduce unwanted vulnerabilities into your network through breaches and other security incidents, it’s critical that you develop optimized processes for regularly assessing third-party risk. Clearly, it’s not enough to simply perform manual, point-in-time third-party risk assessments. Continuous monitoring, backed by an easily understandable KPI like security ratings, is essential to maintaining a secure supply chain. Without this insight, organizations run the risk of exposure — and a repeat of the events of 2020.