Well, here we are now in the first full weekend in June. Finally summer is here, and it feels great. But with the way the time is going, soon we will be complaining about winter approaching. On the Cyber front, things are moving quickly, but believe it or not, so far we have not yet had the major catastrophes that were feared after Russia invaded Ukraine. But we still have half of the year to go, so anything is still possible. As I go through the news headlines, though, this fear seems to be diminishing somewhat. In fact, there are even articles out there now that discuss why Russia has not launched a major Cyberattack yet. More to come about that in future blogs.
I think, as I mentioned last week and on a couple of podcasts I have had recently, the attention is still on Ransomware and whether or not a payment should be made to the Cyberattackers that launch these kinds of assaults. But another hot-button topic that is reemerging yet once again is that of Cybersecurity Insurance. A lot of businesses now seem to be concerned about this, especially given that it is more difficult now than ever before to procure a rock-solid insurance policy. A business owner now has to go through a whole series of compliance checks and even fill out a self-assessment before their particular application is even looked at. I know this for a fact, as I have seen some of them. Yes, they are detailed, and take time to go through.
Another topic that seems to have resurfaced again is that of supply chain attacks. I have actually reviewed what this is in previous articles, and in a few podcasts. But to refresh, rewind back to some time ago. Remember the entire SolarWinds fiasco? Well, for lack of a better term, this is a prime example of such an attack.
Essentially, the Cyberattackers were able to find a small hole in the IT/Network Infrastructure, and at that point they were able to install their malicious payload.

Once the victims downloaded the needed software patches, their devices and other systems became infected with this malware. But we are not talking about just a few victims; we are talking about literally thousands of them. What is unique about the supply chain attack is that it is not what you would call a one-to-one (1:1) attack, but rather a one-to-many (1:N) attack. In fact, this is the trend that we will now be seeing as these kinds of attacks happen even more.
In the mind of the Cyberattacker, why waste valuable time just hitting one target, when you can hit a lot more, especially all at the same time? But keep in mind, the key is finding that vulnerable weak spot.

But there are other reasons for this, and these include some of the following:
* Supply chain attacks allow the Cyberattacker to reap a quicker payoff in terms of financial gain, because so many victims are involved. And of course, the more of them there are, the quicker the ROI will be. Don't forget the press attention that this will get. Remember, Cyberattackers are humans also. Once they get the attention in the press, they get a high on their ego (for all of the wrong reasons, of course), and are thus motivated to launch more attacks.
* Web-based applications are becoming the norm today in the Remote Workforce environment. Because of this huge uptick, software developers are under even more pressure to deliver on time. Because of this, checking the security of the source code often falls by the wayside. Worse yet, many developers are now heavily relying upon source APIs to develop web applications, and these often go untested or unchecked.
* After COVID-19 hit and the Remote Workforce became a permanent thing, many businesses have moved entirely into the Cloud, such as AWS or Microsoft Azure. But one thing that gets overlooked is that many enterprises choose a Public or Hybrid deployment, which means that the Cloud resources are shared. Although technically speaking everybody has their own server instance, things are still shared. So a vulnerability that exists in one tenant could spill into your environment, thus making a valuable point of entry for the Cyberattacker to penetrate into.
So given all of this, what can you do so that you can mitigate the risks of being a point of delivery for a supply chain attack? Here are some tips:
1) Check all assets:

Normally this is done when you conduct a Risk Assessment in order to determine which of your digital assets are the most vulnerable to a Cyberattack. However, this gets trickier if you are totally based in the Cloud. For example, you don't know what could be inserted into your platform: your provider could have put in something you are not aware of, or an employee could have unintentionally deployed something as well. Therefore, you need to keep track of 100% of what is coming and going in your Cloud deployment on a 24 X 7 X 365 basis. Of course, doing this manually would take forever, but technology has now come to the point where this can be done automatically for you. Or, ask your Cloud provider if such tools are available, and if they can set up a system of warnings and alerts as new things pop up in your Cloud environment.
2) Keep watching and keep assessing:

Apart from monitoring what is going in and coming out, you also need to keep a constant eye on what still remains vulnerable. You can do this by conducting automated Vulnerability Assessments and Penetration Testing exercises of your Cloud environment. On top of this, you need to keep on top of what is still vulnerable in the way of your digital assets. In this regard, you make use of what is known as a "SIEM" (Security Information and Event Management system) to give you a bird's eye view of just what is happening in your Cloud infrastructure, from just one single dashboard. In this area, I do have to recommend that you make full use of Microsoft Azure. They have great tools that you can use at no extra charge to help you do all of this.
3) Have an Incident Response (IR) Plan in place:

Even after you have taken all of the preventative measures, there is still no guarantee that you will not become a victim. In this case, you need to have a rock-solid IR Plan in place that will dictate the sequence of activities that you need to follow immediately to mitigate the risk of spreading even further. This plan should be rehearsed at least once a quarter, and updates made to the documentation with lessons learned. There are many templates available online that you can use for this very purpose.
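To make tips 1) and 2) concrete, here is an added example (my illustration, not code from the original post or from any Cloud provider) of the kind of automated check that "keeps track of what is coming and going": it compares an approved baseline inventory of Cloud assets against a fresh snapshot and raises an alert for anything that appeared, disappeared, or changed, with a higher severity when a new asset has no approved owner. Both inventories are constructed sample data; the asset fields, the owner allowlist and the severity levels are my assumptions, and in a real deployment the snapshot would come from the provider's inventory export rather than a hard-coded dictionary.

```python
"""Cloud asset drift detection (added example, not from the original post).

Compares a known-good baseline inventory against a fresh snapshot and raises
alerts for resources that appeared, disappeared, or changed. Everything here
is constructed sample data; a real snapshot would be pulled from the Cloud
provider's inventory API on a schedule.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Asset:
    asset_id: str
    kind: str    # e.g. "vm", "function" (assumed categories)
    owner: str   # team that approved the asset in the last Risk Assessment
    image: str   # software image / version the asset runs


@dataclass
class Alert:
    severity: str   # "high" or "medium" (assumed levels)
    asset_id: str
    reason: str


# Constructed baseline: what was approved in the last Risk Assessment.
BASELINE: Dict[str, Asset] = {
    "vm-001": Asset("vm-001", "vm", "team-web", "web-app:2.4.1"),
    "vm-002": Asset("vm-002", "vm", "team-db", "postgres:14.2"),
    "fn-010": Asset("fn-010", "function", "team-web", "api-fn:1.0.3"),
}

# Constructed current snapshot: vm-002 changed its image, an unknown-owner
# asset vm-077 appeared, and fn-010 disappeared.
SNAPSHOT: Dict[str, Asset] = {
    "vm-001": Asset("vm-001", "vm", "team-web", "web-app:2.4.1"),
    "vm-002": Asset("vm-002", "vm", "team-db", "postgres:14.9"),
    "vm-077": Asset("vm-077", "vm", "unknown", "agent:0.1"),
}

# Assumed allowlist of teams permitted to deploy into this environment.
APPROVED_OWNERS = {"team-web", "team-db", "team-sec"}


def diff_inventory(baseline: Dict[str, Asset],
                   snapshot: Dict[str, Asset]) -> Tuple[List[str], List[str], List[str]]:
    """Return (added, removed, changed) asset ids, each sorted for stable output."""
    added = sorted(set(snapshot) - set(baseline))
    removed = sorted(set(baseline) - set(snapshot))
    changed = sorted(k for k in set(baseline) & set(snapshot)
                     if baseline[k] != snapshot[k])
    return added, removed, changed


def build_alerts(baseline: Dict[str, Asset], snapshot: Dict[str, Asset],
                 approved_owners=APPROVED_OWNERS) -> List[Alert]:
    """Turn inventory drift into alerts; unowned new assets are rated high."""
    added, removed, changed = diff_inventory(baseline, snapshot)
    alerts: List[Alert] = []
    for k in added:
        a = snapshot[k]
        sev = "high" if a.owner not in approved_owners else "medium"
        alerts.append(Alert(sev, k, f"new {a.kind} owned by {a.owner!r} running {a.image}"))
    for k in removed:
        alerts.append(Alert("medium", k, "asset present in baseline is gone"))
    for k in changed:
        b, s = baseline[k], snapshot[k]
        diffs = [f"{f} {getattr(b, f)!r}->{getattr(s, f)!r}"
                 for f in ("kind", "owner", "image") if getattr(b, f) != getattr(s, f)]
        alerts.append(Alert("medium", k, "changed: " + ", ".join(diffs)))
    return alerts


if __name__ == "__main__":
    for alert in build_alerts(BASELINE, SNAPSHOT):
        print(f"[{alert.severity.upper()}] {alert.asset_id}: {alert.reason}")
```

Run as a script, it prints three alerts: a high one for the new unowned asset, and medium ones for the vanished function and the changed database image. Feeding these alerts into the SIEM from tip 2) is what turns a one-off inventory check into the continuous, single-dashboard view the post describes; the baseline itself should only be updated after someone has confirmed each change was intended.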
My Thoughts On This:
According to the latest from Gartner, supply chain attacks will be among the top 10 Cyberattacks, and up to 60% of security breaches will happen in this fashion. More information about these stats can be seen in the following link:

https://www.cyberpion.com/blog/types-of-supply-chain-attacks/
But going forward into the second half of 2022, you may not see another SolarWinds attack. Rather, it is anticipated that the Cyberattacker will launch much smaller-scale ones simultaneously, in order to cause more damage without being noticed too quickly.