{"id":353,"date":"2020-12-29T23:06:00","date_gmt":"2020-12-29T23:06:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=353"},"modified":"2024-08-02T15:08:04","modified_gmt":"2024-08-02T22:08:04","slug":"cyber-risks-and-the-importance-of-attack-surface-management","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/","title":{"rendered":"SUNBURST exposes supply chain security risks"},"content":{"rendered":"\n<p>The recent cyber intrusion campaign that leveraged modified SolarWinds software \u2013 now widely termed\u00a0<a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/12\/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html\">SUNBURST<\/a>\u00a0\u2013 has dramatically raised awareness of supply chain-based compromises and how intertwined organizations now are. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A Flanking Maneuver<\/h2>\n\n\n\n<p>Supply chain attacks are rooted in the military concept of a \u201cflanking maneuver\u201d in which an offensive force attacks their opponent from the flank (i.e., side) rather than head-on where the bulk of defensive forces are focused. In the cyber world, attackers work the same, targeting those areas where you are least focused. Attackers go after the paths of least resistance, often starting in your business partners, IT suppliers, subsidiaries or other related organizations and leveraging any entity or digital asset that eventually gets them access to their ultimate target: your applications, data and networks.<\/p>\n\n\n\n<p>Attackers understand that your IT ecosystem extends well beyond your own organization and that you don\u2019t control the security of all of your supply chain participants. They also know that organizations don\u2019t have an easy way to discover all of those IT assets and test them for potential attack vectors. The SUNBURST attacks demonstrate organizations can be blindsided by unseen security weaknesses and&nbsp;<a href=\"\/blog\/how-to-improve-security-posture\/\">vulnerabilities<\/a>&nbsp;they simply don\u2019t know how to find, let alone resolve.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Research: Organizations Ignore Their Supply Chain&nbsp;<\/strong><\/h2>\n\n\n\n<p>Most organizations focus almost entirely on protecting their known applications and infrastructure and that\u2019s what virtually every cybersecurity tool is designed to do. No matter how large or small an organization\u2019s security budget, very little spending is devoted to discovering, monitoring and protecting what is unknown. <\/p>\n\n\n\n<p>The SUNBURST attacks make it clear that supply chain security is one of those unknowns.\u00a0<a href=\"\/resources\/reports\/esg-gaps-in-attack-surface-monitoring-and-security-testing-for-cyber-risk-mitigation\/\">Research conducted by ESG and CyCognito<\/a>\u00a0confirms that: less than half of those surveyed consider partners and affiliates as extensions of their attack surface, and nearly half of organizations do not include SaaS applications and public cloud workloads in their definition of attack surface.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The SolarWinds attack (SUNBURST) demonstrates that hackers will find weakness in your extended IT ecosystem that you simply just don&#8217;t know about.<\/p>\n","protected":false},"author":22,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[111,109,110],"class_list":["post-353","post","type-post","status-publish","format-standard","hentry","category-research","tag-esg","tag-solarwinds","tag-sunburst"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SUNBURST exposes supply chain security risks | CyCognito Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SUNBURST exposes supply chain security risks | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"The SolarWinds attack (SUNBURST) demonstrates that hackers will find weakness in your extended IT ecosystem that you simply just don&#039;t know about.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-29T23:06:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-02T22:08:04+00:00\" \/>\n<meta name=\"author\" content=\"Raphael Reich\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Raphael Reich\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/\"},\"author\":{\"name\":\"Raphael Reich\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/5fc71e29aa32c6153db0b1cbcfd395a7\"},\"headline\":\"SUNBURST exposes supply chain security risks\",\"datePublished\":\"2020-12-29T23:06:00+00:00\",\"dateModified\":\"2024-08-02T22:08:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/\"},\"wordCount\":326,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"keywords\":[\"ESG\",\"SolarWinds\",\"SUNBURST\"],\"articleSection\":[\"Research\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/\",\"name\":\"SUNBURST exposes supply chain security risks | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"datePublished\":\"2020-12-29T23:06:00+00:00\",\"dateModified\":\"2024-08-02T22:08:04+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SUNBURST exposes supply chain security risks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/5fc71e29aa32c6153db0b1cbcfd395a7\",\"name\":\"Raphael Reich\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a187c2484d7ae7c4068cf1f26c507972?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a187c2484d7ae7c4068cf1f26c507972?s=96&d=mm&r=g\",\"caption\":\"Raphael Reich\"},\"description\":\"Was Vice President of Marketing at CyCognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/raphael-reich\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SUNBURST exposes supply chain security risks | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/","og_locale":"en_US","og_type":"article","og_title":"SUNBURST exposes supply chain security risks | CyCognito Blog","og_description":"The SolarWinds attack (SUNBURST) demonstrates that hackers will find weakness in your extended IT ecosystem that you simply just don't know about.","og_url":"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/","og_site_name":"CyCognito Blog","article_published_time":"2020-12-29T23:06:00+00:00","article_modified_time":"2024-08-02T22:08:04+00:00","author":"Raphael Reich","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Raphael Reich","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/"},"author":{"name":"Raphael Reich","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/5fc71e29aa32c6153db0b1cbcfd395a7"},"headline":"SUNBURST exposes supply chain security risks","datePublished":"2020-12-29T23:06:00+00:00","dateModified":"2024-08-02T22:08:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/"},"wordCount":326,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"keywords":["ESG","SolarWinds","SUNBURST"],"articleSection":["Research"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/","url":"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/","name":"SUNBURST exposes supply chain security risks | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"datePublished":"2020-12-29T23:06:00+00:00","dateModified":"2024-08-02T22:08:04+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/cyber-risks-and-the-importance-of-attack-surface-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"SUNBURST exposes supply chain security risks"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/5fc71e29aa32c6153db0b1cbcfd395a7","name":"Raphael Reich","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a187c2484d7ae7c4068cf1f26c507972?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a187c2484d7ae7c4068cf1f26c507972?s=96&d=mm&r=g","caption":"Raphael Reich"},"description":"Was Vice President of Marketing at CyCognito","url":"https:\/\/www.cycognito.com\/blog\/author\/raphael-reich\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=353"}],"version-history":[{"count":6,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/353\/revisions"}],"predecessor-version":[{"id":1053,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/353\/revisions\/1053"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}