SUNBURST exposes supply chain security risks

By Raphael Reich, Vice President of Marketing | December 29, 2020

The recent cyber intrusion campaign that leveraged modified SolarWinds software – now widely termed SUNBURST – has dramatically raised awareness of supply chain-based compromises and how intertwined organizations now are. Supply chain attacks are rooted in the military concept of a “flanking maneuver” in which an offensive force attacks its opponent from the flank (i.e., side) rather than head-on where the bulk of defensive forces are focused. In the cyber world, attackers work the same way, targeting those areas where you are least focused. Attackers go after the paths of least resistance, often starting with your business partners, IT suppliers, subsidiaries or other related organizations and leveraging any entity or digital asset that eventually gets them access to their ultimate target: your applications, data and networks.

Attackers understand that your IT ecosystem extends well beyond your own organization and that you don’t control the security of all of your supply chain participants. They also know that organizations don’t have an easy way to discover all of those IT assets and test them for potential attack vectors. The SUNBURST attacks demonstrate that organizations can be blindsided by unseen security weaknesses and vulnerabilities they simply don’t know how to find, let alone resolve.

Research: Organizations Ignore Their Supply Chain 

Most organizations focus almost entirely on protecting their known applications and infrastructure, and that’s what virtually every cybersecurity tool is designed to do. No matter how large or small an organization’s security budget, very little spending is devoted to discovering, monitoring and protecting what is unknown. The SUNBURST attacks make it clear that supply chain security is one of those unknowns. Research conducted by ESG and CyCognito confirms this: fewer than half of those surveyed consider partners and affiliates as extensions of their attack surface, and nearly half of organizations do not include SaaS applications and public cloud workloads in their definition of attack surface.

Poorly secured systems, abandoned assets, and misconfigurations in your supply chain are attractive targets for attackers. Attackers know your priorities and weaknesses, and how to capitalize on changing opportunities and confusion. They will always target the paths of least resistance because those let them achieve their goal via an unknown attack vector (e.g., in your supply chain) and avoid a frontal attack that’s more likely to be thwarted. 

More Supply Chain Attacks Likely

Ultimately, protecting your supply chain is not so much a matter of IT security budget as approach. Building an extended IT ecosystem and supply chain offers a number of business benefits such as efficiency, lower cost, and rapid innovation, but securing the broader attack surface it creates requires a different approach. The SUNBURST attacks crystallize the fact that the supply chain presents attractive attack vectors for reconnaissance and intrusion and suggest, because of their success if nothing else, that supply chain attacks are likely to increase. Just as attackers evolve their attacks to meet the situation, organizations must also make changes to advance their security and protect their interests. 

Defend Against Supply Chain Attacks with Attack Surface Protection

Even if your known assets are well protected by traditional security measures, you simply can’t be certain your supply chain partners are employing the same methods and level of protection. What, then, is the best way to prevent sustained supply chain cyber compromises from impacting your organization? Effectively managing supply chain security means gaining a comprehensive view of cyber risks across your entire attack surface.

The CyCognito platform discovers and examines an organization’s entire IT ecosystem for security risks with the same “outside in” perspective that attackers use. It determines and shows you the relationships between all of the assets in your extended attack surface and associated risks, including those in your connected supply chain. As the technological underpinnings of business become more intertwined, so too does the security of your entire cyber supply chain. If you don’t have visibility into the shadow risk that exists across your extended IT ecosystem, CyCognito can help you discover your attack surface as well as where you are at risk.

About Raphael Reich, Vice President of Marketing

Raphael Reich, Vice President of Marketing, has helped bring innovative, category-defining security products to market for over two decades.
