
AT&T hack exposes third-party threat surface

“Security leaders at organizations of all sizes should take these attacks as a warning sign,” expert tells IT Brew.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

April’s ransomware attack on telecommunications giant AT&T, which it revealed in a July 12 SEC filing, was the result of a hack of cloud computing company Snowflake. The massive breach exposed the metadata of almost every network user, and though AT&T reportedly paid the ransom and ensured the hacker deleted the files, the attack serves as another powerful reminder of the importance of smart third-party vendor management.

“Security leaders at organizations of all sizes should take these attacks as a warning sign to reinforce their identity access management tools by implementing multi-factor authentication, VPNs, and regular security awareness trainings,” Dan Schiappa, Arctic Wolf’s chief product and services officer, told IT Brew in an email.

Root down. The hack should have further implications, Saviynt CTO Jim Routh told IT Brew.

“My preference as a cybersecurity professional is to focus on the root cause of the original incident,” Routh said. “And that root cause is the lack of a mature third party governance program in place by enterprises.”

That tends to manifest itself as “poor identity access management controls for the secrets or passwords or accounts that get exploited by threat actors, who then try to populate malicious software into the software supply chain and ultimately use those compromised credentials to move laterally and do other damage,” Routh continued. Managing identity access is essential to preventing threat actors from accessing systems—as the AT&T hackers did through Snowflake.

Triple threat. Third party vendors have caught a lot of heat lately, as IT Brew has reported. Supply chain concerns and security have been important, as BlackBerry VP of Product Security Christine Gadsby told us at RSA: “For software manufacturers, this is a huge, different ballgame. Because when we make a product, it goes into someone else’s network that has access to all that stuff, and then they send it out to somebody else.”

To manage third-party vulnerabilities in a threat environment where attacks are increasing, it’s important to move aggressively, Routh said. Security professionals have to gain more understanding of how to manage software developed offsite and deployed inside primary systems. There’s an urgent need for the “mature third party governance program” that he noted was lacking.

“We’re in this situation where the incident number is growing, and it’s scary,” Routh said. “The call to action is really improve identity access management for third party governance.”
