December 08, 2021//Isa JonesLast Updated: January 10, 2022
At the end of last year, we said that in 2021 ransomware would be here to stay, and the big trends will be third-party attacks and cyber terrorism. While no one likes to say “I told you, so,” especially when it comes to cybersecurity, the past 12 months saw headline after headline about ransomware attacks, third-party hacks, breaches of valuable data (like EMRs), and even some cyber espionage. 2021 highlighted vulnerabilities within third-party connections, saw hackers getting smarter and better, and showed how cyber attacks can have devastating real-world consequences. You only need to look at three of the biggest data breaches of 2021 to see the rising trends.
Technically, the SolarWinds cyber attack happened at the end of 2020, but the consequences were felt throughout 2021. A malicious group—directed by a Russian Intelligence Group—pulled off one of the biggest data breaches in 2021 by breaching SolarWinds by adding bad code into an update for Orion, the company’s network management system. Then, the group sent that update out through an email, essentially phishing 18,000 vendors. Those vendors included large government entities, like parts of Homeland Security and the Treasury Department. It’s possible, based on an NPR report, that the hack purposefully targeted dot gov customers of SolarWinds.
The response highlighted another major trend this year: more regulation. The Biden administration handed down sanctions to Russia, who it believed was responsible. In addition, this major hack might’ve been the attack that changed cyber warfare, as cybersecurity became a major part of Biden’s infrastructure goals and bill.
In May, a ransomware attack targeted the computerized equipment of Colonial Pipeline—a major oil pipeline company—that was part of their larger billing system. In response, to limit the attack, Colonial Pipeline turned off their systems. This resulted in panic buying and gas shortages across the eastern coast, and cost the company at least $5 million.
This recent cyber attack, which not only shut down systems but gas pumps throughout the Southeast, highlighted how vulnerable supply chains can be to breaches, and how devastating a critical infrastructure hack can be.
In the age of globalization, the hack of one system can spread far and wide. Kaseya, an IT software company, was not only hacked, but the attackers were able to hack a software update and push it through to hundreds of customers. Not one, but hundreds of customers—including a grocery store chain, schools, and a national railway system—were hit with ransomware simultaneously.
Hackers want to maximize profit. They go after the big game for the big rewards, and when ransomware amounts hitting all-time highs, it’s no surprise that a group would try to see if hundreds of systems could be hit at once.
It’s threefold: If you hack one you can breach many, there’s a continual mismanagement of critical access points, and real-life consequences of digital breaches.
No server is an island, and 2021 highlighted the ripple effect a breach of just one system can have, especially when that system is connected to hundreds or thousands of vendors. Third parties continue to be an organization’s most vulnerable connection point, and 51% of all breaches originate with a third party. SolarWinds is a vendor to major government entities, each one of which contains a large amount of private, sensitive information. By just getting into one part of SolarWinds, a part of the U.S. government immediately became susceptible to hackers.
Third parties aren’t the only vulnerability for a system. Every critical access point needs to be protected. Colonial Pipeline should’ve decommissioned VPNs in a timely manner to protect their systems, and should’ve had more in place to prevent lateral movement, which in turn may have avoided a full system shutdown. SolarWinds needed to better protect access into Orion systems and vendor emails, and Kaseya needed to protect access into the software update programs. Failing to secure access points and critical assets can have substantial consequences that start a chain reaction with ramifications that extend beyond the business itself.
Those ramifications quickly extend into the real world. The Colonial Pipeline data breach showed how a software breach can become a gas shortage in a snap. As the world becomes more online, as systems merge, and as critical infrastructure becomes a prized target for hackers, the threat is not just a system going down, it’s a gas system, a healthcare organization, or more going down.
Critical Access Management is the key to protecting an organization from data breaches and potential cyber attacks. By implementing solutions that follow the three pillars of critical access management—access governance, access control, and access monitoring—an organization is able to gain visibility into who has access to what, implement fine-grained access controls like Zero Trust Network Access, and be able to better monitor access for insight and prevention.
As 2021 showed, and as 2022 will surely show again, hackers are counting on apathy and will continue to find weaknesses within organizations that can be exploited. Securing access points and assets is no longer optional — it’s critical.