We are only halfway through 2024, but there have already been thousands of data security incidents, several of which have caused serious damage.
In February, Change Healthcare, a revenue and payment cycle management provider in the US, was hit by ransomware. The attack disrupted healthcare services across the country for weeks, and the attackers obtained the data of "a significant portion of the American population".
According to parent company UnitedHealth, the cost of the incident likely exceeded $1 billion.
A few months later, more than a hundred customers of Snowflake, a cloud data storage, processing and analytics platform, had their data stolen. The attackers logged in with credentials that had been harvested by infostealer malware, and the affected accounts were protected only by a password, with no multi-factor authentication enabled. Of the few customers that have disclosed a breach, Ticketmaster is probably the most significant, with the data of more than 560 million customers at risk, including personal and payment information.
If you have ever worked on Fiverr, verified your identity on TikTok, or used PayPal, LinkedIn or Coinbase, the identity documents you submitted during KYC (know your customer) checks may have been exposed at the identity verification provider AU10TIX. The catch is that this could easily have been prevented: an employee's administrative credentials had been stolen by malware and remained valid, and unrotated, for more than a year.
The United States and several allied countries in Europe and Asia have passed laws restricting the installation of telecommunications equipment designed or manufactured in China, and have also banned the use of Chinese-made surveillance equipment, servers and drones in government and critical-infrastructure networks.
At the end of March this year, a single developer (Andres Freund) noticed something odd and stopped a backdoor before it reached stable Debian and Red Hat releases. xz Utils, an almost ubiquitous component of Linux distributions, provides data compression and decompression through its liblzma library. For years, a malicious actor (presumably state-backed) worked to gain the trust of the project's sole volunteer maintainer, until they were handed co-maintainer duties. After roughly two years of "cooperation", they slipped a backdoor into releases 5.6.0 and 5.6.1 (CVE-2024-3094). On distributions where the OpenSSH server ends up loading liblzma through libsystemd, the backdoor would have let anyone holding the attacker's private key execute commands on the server before authentication, turning every such SSH server into a remote-controlled host.
It read almost like a spy novel, and experts described it as one of the best-executed supply chain attacks seen so far; it very nearly succeeded.
Although attacks of this kind are rarer, they are much harder to detect and can have catastrophic consequences if not addressed properly.
Do you know who developed, and who maintains, the computing device, browser and network connection you are using to read this article?
Let's go a step further. What about your operating system, your EDR agent, your VPN, or the many applications and services you use for everyday communication and work?
If you are using an iPhone or a Mac, you might think the answer is simple: Apple, right? Technically you are right, but the reality is far more complex, even for devices as tightly integrated as Apple's. Much like a Linux distribution, which is assembled from hundreds if not thousands of packages and upstream projects, a server, a PC or any "smart" device is one large integration of hardware, firmware, software and remote services from many different parties.
For more than five years, some servers from Lenovo, Intel and Supermicro have carried security holes in a shared component of their baseboard management controller (BMC) firmware, the subsystem used for remote management and diagnostics.
The BMC firmware embedded the open-source web server lighttpd, and the flaw had already been fixed upstream in lighttpd in 2018. The firmware vendors never picked up the fixed version, so the vulnerable build kept shipping for years, which is exactly the kind of gap an inventory of firmware components would have exposed.
The pursuit of greater security
Amid these alarming incidents, the European Union's latest legislation, in particular the NIS2 directive (Directive (EU) 2022/2555), which member states must transpose into national law by October 2024, is pushing the European market towards stricter security measures and thorough risk assessment and management, with a particular emphasis on supply chain security.
In the United States, the 2021 executive order 14028 (Improving the Nation's Cybersecurity) focused on identifying risks in the security practices of developers and vendors and in the final software product, and it is the origin of the federal SBOM requirements. Together with existing legislation such as the National Defense Authorization Act (NDAA) and the Trade Agreements Act (TAA), and with oversight and guidance from the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST), it is tightening supply chain requirements, albeit at a relatively slow pace.
At the forefront of innovation
Businesses and organizations can prepare for the worst by taking a few important steps in their IT procurement and governance processes.
One powerful tool is the software bill of materials (SBOM), a machine-readable list of all the software components, with their versions and origins, that make up a particular system, service or larger piece of software.
SBOMs give organizations insight into exactly what is running in their IT infrastructure, which components are actually in use, and whether any of them carry known vulnerabilities.
Much like the ingredient list on packaged food, an SBOM brings transparency to what would otherwise be a black box. By matching it against vulnerability databases regularly, and again whenever a new advisory such as the xz one is published, companies can identify and remediate vulnerable components proactively instead of waiting for an incident.
In the near future, the availability of an SBOM and the speed of the vendor's security response will increasingly be decisive factors in procurement. Synology, for example, generates SBOMs in the CycloneDX and SPDX formats for enterprise customers, and combines this with a rapid response to zero-day and critical vulnerabilities in its data management and protection solutions.
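To make the matching step concrete, here is an added example (written for this article, not Synology's or any other vendor's code) that reads an SBOM in either CycloneDX or SPDX JSON form, normalises the components, and checks each one against an advisory list. Both SBOM documents and the advisory list are constructed for the example; the CVE-2024-3094 entry reflects the real xz releases 5.6.0 and 5.6.1, while `examplelib` and `EXAMPLE-0001` are placeholders standing in for a "fixed in version X" rule. In a real audit the advisories would come from OSV, NVD or the vendor's own feed.

```python
import json
import re
from typing import Iterator

# Constructed sample SBOMs for this example (not real vendor output).
# Minimal CycloneDX 1.5 JSON: components carry name, version and a package URL (purl).
CYCLONEDX_SBOM = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "components": [
    {"type": "library", "name": "xz-utils", "version": "5.6.1",
     "purl": "pkg:deb/debian/xz-utils@5.6.1"},
    {"type": "library", "name": "openssl", "version": "3.0.13",
     "purl": "pkg:deb/debian/openssl@3.0.13"},
    {"type": "library", "name": "examplelib", "version": "1.2.3",
     "purl": "pkg:generic/examplelib@1.2.3"}
  ]
}
"""

# Minimal SPDX 2.3 JSON: packages carry versionInfo, and purls live under externalRefs.
# The last package deliberately has no version, a common gap in firmware SBOMs.
SPDX_SBOM = """
{
  "spdxVersion": "SPDX-2.3",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "example-firmware",
  "packages": [
    {"SPDXID": "SPDXRef-Package-xz", "name": "xz", "versionInfo": "5.4.6",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                       "referenceType": "purl",
                       "referenceLocator": "pkg:generic/xz@5.4.6"}]},
    {"SPDXID": "SPDXRef-Package-examplelib", "name": "examplelib", "versionInfo": "1.1.0"},
    {"SPDXID": "SPDXRef-Package-blob", "name": "vendor-blob"}
  ]
}
"""

# Advisory list. The first entry reflects CVE-2024-3094 (the xz backdoor shipped in
# releases 5.6.0 and 5.6.1). "examplelib" / EXAMPLE-0001 are constructed placeholders
# that show a "fixed in version X" rule. A real audit would pull this from OSV or NVD.
ADVISORIES = [
    {"id": "CVE-2024-3094", "names": {"xz", "xz-utils", "liblzma"},
     "affected": {"5.6.0", "5.6.1"}},
    {"id": "EXAMPLE-0001", "names": {"examplelib"}, "fixed_in": "1.2.4"},
]


def parse_version(version: str) -> tuple:
    """Split a version into comparable parts: numeric parts sort as numbers, anything
    else as text. Simplified on purpose; not a full semver or dpkg comparison."""
    return tuple((0, int(p)) if p.isdigit() else (1, p)
                 for p in re.split(r"[.\-+~]", version))


def load_components(sbom_text: str) -> Iterator[dict]:
    """Normalise CycloneDX or SPDX JSON into {name, version, purl} records."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") == "CycloneDX":
        for c in doc.get("components", []):
            yield {"name": c.get("name", "").lower(),
                   "version": c.get("version"), "purl": c.get("purl")}
    elif "spdxVersion" in doc:
        for p in doc.get("packages", []):
            purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                         if r.get("referenceType") == "purl"), None)
            yield {"name": p.get("name", "").lower(),
                   "version": p.get("versionInfo"), "purl": purl}
    else:
        raise ValueError("unrecognised SBOM format (expected CycloneDX or SPDX JSON)")


def is_affected(component: dict, advisory: dict) -> bool:
    """Exact-version match for 'affected'; otherwise anything below 'fixed_in'."""
    if component["name"] not in advisory["names"] or not component["version"]:
        return False
    if "affected" in advisory:
        return component["version"] in advisory["affected"]
    return parse_version(component["version"]) < parse_version(advisory["fixed_in"])


def audit(sbom_text: str) -> dict:
    """Return known-vulnerable components and those that could not be checked."""
    components = list(load_components(sbom_text))
    findings = sorted((adv["id"], c["name"], c["version"])
                      for c in components for adv in ADVISORIES if is_affected(c, adv))
    # A component without a version cannot be matched against any advisory;
    # report it instead of silently treating it as clean.
    unchecked = sorted(c["name"] for c in components if not c["version"])
    return {"findings": findings, "unchecked": unchecked}


if __name__ == "__main__":
    for label, sbom in (("CycloneDX", CYCLONEDX_SBOM), ("SPDX", SPDX_SBOM)):
        result = audit(sbom)
        print(f"{label}: {len(result['findings'])} vulnerable, "
              f"{len(result['unchecked'])} unversioned")
        for adv_id, name, version in result["findings"]:
            print(f"  {adv_id}: {name} {version}")
        for name in result["unchecked"]:
            print(f"  UNCHECKED: {name} has no version")
```

Two design points matter in practice. First, the same upstream project appears under different names in different ecosystems (`xz`, `xz-utils`, `liblzma`), so the advisory carries a set of aliases rather than one name; matching on the purl alone would miss the Debian package name. Second, a component with no version is reported as unchecked rather than passed silently, because a blank version is exactly how the unpatched lighttpd build in the BMC firmware would have hidden in an inventory.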
IT professionals and decision-makers should prioritize supply-side security for every system they buy and operate, not just the ones they build themselves.
Make sure your vendors and resellers are transparent about the software components and services their products depend on, and that they commit to regular security audits and timely patching.
As the cyber security situation grows more serious, it is better to prepare now than to react later.