Comment - Microsoft: SolarWinds hackers targeting cloud services
October 2021 by Saket Modi, Co-founder & CEO at Safe Security
Following Microsoft's announcement that the same Russia-backed hackers responsible for the SolarWinds breach this year are continuing to attack the global supply chain and are now targeting cloud service resellers and other companies, here is the comment from Saket Modi, Co-founder & CEO at Safe Security:
Today in a provider/customer relationship, customers delegate unrestricted administrative rights to the provider to allow seamless management of customers’ tenants. Most often, customers follow traditional and qualitative risk management assessments before onboarding a third party. Nobelium’s ongoing supply chain attacks show the importance of closing loopholes to trusted relationships that cause downstream impacts. Social engineering, cloud misconfigurations relating to unverified delegated administrative privileges, password sprays, API theft, supply chain attacks - are all threat actor techniques that businesses are actively monitoring, but in a siloed and disjointed fashion. Nobelium has been successful because organizations lack a single, enterprise-wide, and real-time cybersecurity view of what and where their vulnerabilities lie across people, technology, and third-party (supply chain).
To effectively manage third-party security risks today, organizations need to go beyond a questionnaire and outside-in approach only, and have a cohesive inside-out, real-time risk analysis of third parties to get a better understanding of their risk posture and critical vulnerabilities.
Now more than ever, businesses need to adopt enterprise-wide proactive cybersecurity strategies through breach likelihood scores that can help them measure, manage and mitigate cyber risks through dynamic, prioritized, and actionable insights.