2020 ended with shocking cybersecurity news: a massive supply chain attack involving SolarWinds, Microsoft, VMware, and others. The hackers went undetected for nearly a year, impacting many sensitive targets, from US federal departments to private sector companies, including security firms.
This is the most sophisticated supply chain attack we've ever seen. Experts will be uncovering the damage for months, perhaps even years, to come. And while we may never know its full scope, I'm sure of one thing: It won't be the last time we witness this style of attack.
Are We Entering a Zero-Trust Era?
As new information emerges, many organizations are renewing focus on their cybersecurity practices. They're asking: What controls can we put in place to protect against the next supply chain attack?
The SolarWinds hackers started with small gaps, infiltrated ever more sensitive environments, and finally reached a broad point of access to deploy malware: the official software updates that organizations rely on for security. As a result, we may be entering a zero-trust era where nothing — not even well-known programs — can be implicitly trusted. Even the US National Counterintelligence and Security Center's director is discussing zero trust.
In practice, a zero-trust approach may be challenging for organizations. That said, there are two ways to make real progress towards zero trust: implementing fundamental security measures and layering defenses.
Organizations can enact several controls immediately to do this. Here's what that could look like.
1. Audit Active Dire ..