Security lessons from the worst cyberattacks
What can security leaders glean from some of the most damaging attacks in the last year?
  • Joan Goodchild
  • 11/05/2021
When it comes to cybersecurity, the last two years have been particularly memorable – and devastating. From the SolarWinds breach that made headlines late in 2020, to the disruptive attack on energy provider Colonial Pipeline in 2021, criminals are stealthier than ever and finding new ways to exploit victims every year. More than 18 billion sensitive or confidential records were exposed in the first half of 2021, making it the second largest number of records breached in history over a six-month period.

While cybercriminals up their game and continually refine tactics to breach systems, what lessons have we learned about protecting today’s digital infrastructure now? In the first of a two-part post, we look at two of the more valuable takeaways.

Know your code: Securing the software supply chain is essential

The SolarWinds breach, uncovered in December 2020, impacted around 100 large private companies and nine U.S. government agencies after malicious code injected into the company’s Orion network monitoring software created a backdoor that went undetected for almost a year. The sophistication of the hack left many security leaders reeling – wondering how exposed their own data might be to a similar type of compromise.

“It reminds us that when we think about security, instead of just thinking about whether a product is secure at launch, we also need to think about the entire lifecycle,” says Jason Ruger, Lenovo’s Chief Information Security Officer. “That’s a mind shift to think of the lifecycle of products and ensure they will stay secure over time. Security innovations need to outpace the threats. It isn’t a cost, it’s an investment for protection.”

Although SolarWinds brought the issue of the software supply chain under a bright spotlight, Nima Baiati, Lenovo’s GM of Commercial Cybersecurity Solutions, says the widespread remote workforce that began to take shape in 2020 also pushed security teams to consider supply chain issues for both hardware and software.

“One of the things we were hearing from customers was how were they going to get devices to workers?” Baiati says. “The supply chain really became top of mind, in terms of how do they go about ensuring a device is secure when it may not even go to my IT team for provisioning? How do I ensure that the device I am getting as a customer has legitimate components?”

The pandemic exposed the complex interconnections among technology of all types and forced IT and security teams to reconsider how they ensure the security of third-party relationships across the supply chain. One lesson, according to Baiati, is to ask critical questions about third-party products and relationships.

“Are you confident that the products and solutions you’re using are what they say they are?” he asks. “We’re not just looking at it as an email challenge or a data encryption challenge, but as an end-to-end challenge. As a technology vendor, it’s crucial that we secure every step of the supply chain, from R&D and manufacturing processes to devices reaching the end users’ desks.”

Ransomware detection and mitigation has become a priority for all industries

Ransomware attacks have been all over the news. Colonial Pipeline, an oil supply pipeline that serviced a large section of the eastern United States, was attacked in May 2020 by an affiliate of a Russia-linked cybercrime group known as DarkSide. The energy firm paid a $4.4 million ransom to the hackers (some of which was later recovered) after the attack disrupted oil supplies in many parts of the country.

Only weeks later, JBS USA Holdings, the largest meat processing company in the world, was forced to pay $11 million in ransom after an attack disrupted operations at many of their plants.

“Ransomware is the true democratization of cyberattacks,” says Baiati. “It doesn’t require a great deal of skill to launch. It’s a numbers game. But the true business impact is significant.” In addition to money lost in recovery time and ransom payments, organizations also need to consider brand damage and loss of customer trust stemming from an attack.

In recent months, the attacks have taken on an even more sinister form, according to Ruger.

“The attackers have learned through bio-mimicry,” he says. “Ransomware used to immediately lock your machine. Now, there’s a pause as it tries to infect many other computers.”

By taking their time in systems to collect data, attackers can return to victims later and demand more ransom in exchange for their information. Threats to leak intellectual property after an attack are now common.

That’s why, in addition to having tools that can help detect ransomware, it is critical to create a security architecture that limits the lateral spread of malware if a breach is successful, says Ruger.

Attacks on targets such as energy providers warn us that all types of technology, including operational technology, are becoming prime targets. The U.S. Cybersecurity & Infrastructure Security Agency notes that OT assets are an attractive target for criminals looking to disrupt critical infrastructure.

“The attack surface has increased beyond intellectual property to non-IT environments. You wouldn’t think that a machine that mixes materials for concrete would be at risk,” says Ruger. “But now we’re seeing that criminals have been able to extract value from attacking those types of systems.”

In our next post, we look at other significant cyberattacks and at how awareness training, AI and automation technologies can play an important role in proactive security, defense and rapid incident response.
