by Sutapa Ghadiali
Late 2020 was abuzz with another breaking news story. No, it wasn’t the pandemic or politics. This time, it was the SolarWinds supply chain attack that went undetected for months! SolarWinds is one of the largest network management system software companies with an established customer base that ranges from the private sector to government agencies.
The SolarWinds supply chain attack is a critical reminder that businesses must continue to be vigilant, ramp up security awareness training and closely monitor networks.
To summarize this attack, a malware termed SUNBURST was inserted into the SolarWinds Orion software code which enabled attackers to take control of the victims’ networks. Both commercial and federal customers downloaded and installed vulnerable versions of the software, giving attackers access to their network and sensitive information.
The SolarWinds supply chain attack is a critical reminder that businesses must continue to be vigilant, ramp up security awareness training and closely monitor networks.
Specifically, businesses should:
- Enforce the latest regulatory compliance and best practices.
- Audit systems on a routine basis and identify gaps.
- Monitor systems in real time to the maximum extent possible.
- Implement stringent third-party/vendor management security controls and protocols.
For a detailed list of cyber supply chain risk management best practices, read the National Institute of Standards and Technology conference workshop brief, referenced below.
REFERENCE
- National Institute of Standards and Technology | Best Practices in Cyber Supply Chain Risk Management | https://tinyurl.com/33v9whyw