BitSight partnered with Good Harbor to host a Salon discussion with security leaders from various industries to hear their thoughts on what the breach means for the security industry. See what these experts said that we should learn from this event and what we should do next.
Not to be forgotten during the chaos that was 2020 were the massive cybersecurity breaches that directly impacted some of the country’s largest businesses and their customers. Let’s take a closer look at four of the big data breaches of 2020 — and what we can learn from these incidents to avoid a repeat of similar events in 2021.
SolarWinds Orion cyber attack
We’d be remiss if we didn’t start with the biggest data breach of the year — and, indeed, possibly one of the largest and most significant cybersecurity incidents ever. The SolarWinds Orion breach was a cyber catastrophe caused by foreign hackers who infiltrated government and business networks through inserting malware into SolarWinds’ software updates. For months, if not longer, adversaries were able to use this backdoor to access sensitive information, potentially from hundreds of thousands of organizations around the world. One thing is for sure, the repercussions of the attack will likely reverberate throughout 2021 and beyond.
We’ve written quite a bit about the SolarWinds Orion breach over the past few weeks. Start here to learn more about this attack and recommendations on what to do to mitigate its impact.
FireEye SUNBURST malware
Speaking of SolarWinds, the Orion hack was initially discovered by cybersecurity firm FireEye — which itself was a victim of the SolarWinds incident. FireEye discovered a malware intrusion apparently emanating from Orion which it subsequently dubbed “SUNBURST.” FireEye’s hack resulted in the theft of 300 proprietary software tools.
When discussing the Orion attack in an interview with NPR, the company’s CEO, Kevin Mandia, summed it up in the following way: “We're a nation losing billions of dollars to ransomware, and we are a nation that just had potentially one of the most successful cyber espionage campaigns ever done on it.”
FireEye continues to investigate this incident and is working with federal authorities to track down the perpetrators. It’s an ongoing concern — and, like the Orion hack, will continue to be for the foreseeable future.
2020 started off with a disclosure from Microsoft regarding a breach that took place at the end of the previous year. As the company reported, they discovered a misconfiguration of an internal customer support database that was used for support case analytics. The server in question contained roughly 250 million entries containing email addresses, support case details, and more — but Microsoft reported that “most customers did not have personally identifiable information exposed.”
To its credit, Microsoft launched an in-depth investigation into the incident, was highly transparent about what happened, and took swift steps to mitigate any damage. But the incident still shows the danger that a simple yet common error can introduce to a company and its customers.
Oracle BlueKai database hack
Oracle’s Data Management Platform (formerly known as BlueKai) suffered a serious blow in June 2020 when it was discovered that an unsecured server exposed billions of records — with information including names, email addresses, home addresses, and other personally identifiable data.
This information had been collected through BlueKai’s web tracking platform, which marketers can use to infer as much about their audience as possible. According to TechCrunch, the company amassed “one of the largest banks of web tracking data outside of the federal government.” The exposure of that data certainly merits a place on this list and shows how not performing tried-and-true cybersecurity basics — like database encryption — can lead to one of the big data breaches of 2020.
Mitigating these risks
In light of these attacks, it’s never been more important to develop a strong third-party risk management program. As vendors can introduce unwanted vulnerabilities into your network through breaches and other security incidents, it’s critical that you develop optimized processes for regularly assessing third-party risk. Clearly, it’s not enough to simply perform manual, point-in-time third-party risk assessments. Continuous monitoring, backed by an easily understandable KPI like security ratings (and other cybersecurity kpi examples), is essential to maintaining a secure digital supply chain. Without this insight, organizations run the risk of exposure — and a repeat of the events of 2020.