Page 140 - Cyber Defense eMagazine September 2023
strong password policies, encourage the use of password managers, and implement multi-factor
authentication across their systems.
Password management tools can help employees generate and store complex passwords securely.
Implementing single sign-on (SSO) solutions can also reduce the burden of managing multiple passwords
while enhancing security. Regular password change policies, combined with educating employees on
the importance of password hygiene, can further strengthen the organisation's defence against
password-related attacks.
Insufficient network segmentation and access controls also contributed to the successful attack on these
organisations through the vendor route. By failing to separate critical systems and limit access privileges
based on the principle of least privilege, companies inadvertently create avenues for lateral movement
within their networks. A compromised account in one department can easily result in widespread access
across the entire network, making it easier for cybercriminals to exfiltrate sensitive data.
Vendor-related cyber attacks can be particularly dangerous because they bring the challenge of supply
chain vulnerability into sharp focus. Vendors often have privileged access to critical systems or sensitive
data of the companies they work with. If a vendor is compromised, attackers can exploit this access to
infiltrate the target organisation’s network, bypassing traditional security controls.
Cascading attacks
Since many organisations rely on multiple vendors for various services, products, or software
components, the impact of a successful attack can span multiple countries and multiple
territories. A successful attack on a vendor can have a cascading effect, leading to widespread damage
and disruption.
Companies often have limited control over their vendors’ security practices and infrastructure. Even if an
organisation has robust security measures in place, a vendor’s weak security posture can undermine the
overall defence and become a point of entry for attackers.
Additional risk assessments should also be considered when dealing with vendors, particularly when it
comes to the exchange of sensitive information.
At the very least, companies should perform thorough risk assessments to evaluate the security practices
of potential vendors before entering into business relationships. This assessment should include
evaluating their security controls, incident response plans, and overall security maturity.
This incident does present an opportunity for knowledge sharing and collaboration. By working together,
the companies affected by the MOVEit attack can help to establish channels for sharing threat intelligence
and security information with vendors. Together, we can collaborate on proactive measures to identify
and mitigate emerging threats.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.