Supply chain attacks target the weakest spot in most every enterprise’s security program: third-party access.
The SolarWinds hack was a classic supply chain attack, compromising downstream organizations in order to traverse the victim’s extended enterprise of customers, suppliers, vendors and other third parties to gain unauthorized access to their on-premises and cloud systems.
The hack was unprecedented, transforming a core security product into a malware delivery system that provided unauthorized access to sensitive data for a minimum of nine months by escalating privileges, forging access tokens, and other alterations that went undetected.
Minimize supply chain cyberattacks
How can your organization protect itself from data breach by affected third parties in your supply or value chain? Apart from “basics” such as enforcing least privilege for third-party users and forcing administrative password resets on initial use (to avoid “username:admin, password:admin” scenarios), below are four unique and effective ways your organization can mitigate access-related third-party risk.
1. Provide an identity to anything connecting to your enterprise: people, systems and things. Doing so establishes an inventory of all third-party entities and the systems and data they’re permitted to access – a fundamental component of third-party risk management. Then, create controls that mitigate risk of unauthorized or inappropriate access using technologies such as role- or attribute-based access control, automated identity lifecycle management, policy-based authentication and authorization, multi-factor authentication (MFA), and others.
2. Take advantage of identity broker technology to verify credentials and enrich authentication requirements. According to the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), the SolarWinds Orion hack was accompanied by forged SAML tokens that provided unauthorized access to enterprise resources without detection. ..