By Jennifer Bisceglie, Founder & CEO, Interos
This past weekend, hackers reportedly breached the U.S. Treasury and Commerce departments, as well as several other U.S. agencies and numerous companies. The attack was perpetrated through the software supply chain, with hackers hijacking an update server belonging to SolarWinds. SolarWinds products are estimated to be used by some 300,000 organizations around the world, including all the branches of “the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency, the world’s top electronic spy agency” per the Washington Post.
This is the latest in a long succession of increasingly ambitious (and dangerous) supply chain-based cyberattacks. According to Symantec, supply chain attacks increased by over 78% in 2019, and that number is only expected to rise. This most recent attack, though alarming, is certainly not unprecedented. In 2017, hackers executed a similar supply chain attack using CCleaner to breach an estimated 2.27 million enterprise users. In the same year, a group known as DragonFly was revealed to have gained access to some 20+ power and utility companies through a similar method.
This most recent attack is just another example in our hyperconnected world where the supply chain is being used as a point of attack. These attacks have made it clear that malicious actors intend to leverage that hyperconnectivity to its fullest potential by focusing their efforts on “gatekeepers,” the organizations that have been historically trusted to act as overseers of digital supply chain integrity for the millions of entities that make up the supply chain. By directly attacking these trusted authorities, hackers are able to quickly expand their control to thousands of the world’s largest, and most essential, companies and government organizations.
The supply chain is the soft underbelly of almost every organization on the planet, and this evolving threat has crystallized the need for continuous supply chain monitoring. Organizations, now more than ever, need to know who they are connected to and how. When a breach of a trusted authority occurs, they need to be able to understand, in an instant, whether they or any of their supply chain partners are exposed to the breached entity’s technology.
The first breach connected with this recent string of attacks is estimated to have occurred in March. With greater, continuous visibility into the supply chain and stronger information-sharing practices across industry, we will be in a much stronger position to cut the next attack off before it spreads. If we rely predominantly on legacy approaches (annual surveys that depend largely on self-attestation), our chances are much dimmer.
As we work to recover from this security setback, decision makers must look beyond their own organizational cybersecurity posture to the extended supply chain networks that connect them with other businesses, and adopt a forward-looking approach to supply chain resilience that protects and mitigates in advance of the next attack, not simply in response to the last one.
The Interos platform ensures operational resilience by highlighting extended supply chain relationships and their associated vulnerabilities before they impact our customers, and by enabling alternative sourcing, empowering customers to rapidly pivot to new, better-secured sources of supply in the event of a cyberattack.