The Kaseya supply chain attack (also known as the fourth of July attack) is the hottest cyber topic these past few days. How can it affect your business and what can you do about it? Kobi Freedman, Findings CEO, provides answers as well as an actionable solution.
Recently, numerous cyber attacks have targeted supply chains, affecting hundreds of thousands of vendors globally and putting large numbers of companies at major risk of supply chain disruption and cyber exposure. Past incidents, including SolarWinds, Accellion, MS Exchange and Fortinet, together with the current Kaseya incident, indicate a steep future risk trajectory with major implications.
What happened to Kaseya?
Kaseya IT group provides financial management software tools for medium and large organizations, used by a massive number of customers.
On July 4th Kaseya disclosed a compromise by the REvil group, a cardinal cybercrime syndicate, resulting in a breach that allowed attackers to deploy ransomware to Kaseya customers. Kaseya claims that only the VSA product line (a unified IT management tool) was exposed and that only 1500 (!!!) customers were breached. However, because Kaseya’s wider circle of influence is estimated at 1 million businesses, the announcement should be taken with a grain of salt.
The attack caused business disruption to thousands of companies, impacting over 1 million users. While the US government is actively pursuing the REvil group, so far no one has been arrested. The full extent of the attack’s economic and other damage is yet to be determined, as the incident is still in progress.
Third-party attacks have been fundamental for cybercriminal groups due to their effectiveness, financial return, and the ability to extort multiple organizations simultaneously.
The extent of these attacks is astonishing: Findings customers’ long-tail assessments indicate an average exposure rate of 15-20% to SolarWinds, Accellion and other attacks. This is a risk that the traditional vendor risk assessment lifecycle does not currently review, whether at onboarding or in periodic assessments.
What can you do?
- Ensure your organization has visibility into its entire supply chain and a continuous view of the risk exposure of every business continuity vendor.
- Have the capability to rapidly act upon current and future events to review any potential exposure.
Findings’ long-tail monitoring protocol gives customers the ability to continuously map risk across their entire vendor space. In the case of a supply-chain incident, Findings enables rapid assessment, detection and mitigation for 3rd- and 4th-tier vendors. This allows you to prioritize risk mitigation and to track actions efficiently and on time.