Cybersecurity attacks are on the rise in today's new normal. According to a recent study, cybercrime has risen 400% since March 2020; the increase has been linked, among other factors, to the COVID-19 epidemic and a sudden shift to working from everywhere.
Arguably the two biggest attacks of late have been the SolarWinds and Mimecast breaches. Both are supply chain attacks, i.e., the attackers were seeking access to client data, not to harm the organization under attack itself; both involved code signing and certificate fraud – and gained notoriety due to the irony of cybersecurity organizations themselves being breached.
We at Unbound believe that while not every cyberattack is preventable, one of the most important things organizations should rely on their MSSPs for is new, more innovative ways to secure their systems against a single point of failure where their most critical data is stored and transferred.
Here are 2 takeaways from the SolarWinds and Mimecast breaches, and how they help frame the conversation around cybersecurity in a post-COVID world.
It is always important to analyze how external organizations connect to your organization’s infrastructure and to demand transparency re: what they do.
If an attacker breaches the data of a third-party vendor interacting with your infrastructure, they will be able to do whatever the vendor does. To understand how to prevent customer data from being stolen, it is therefore paramount to understand what these services have access to – and how. This also enables organizations to limit access to client data to the bare minimum as a preventative measure.
While not all cyberattacks are preventable, strong cryptographic key protection will help prevent catastrophic loss.
In most cybersecurity attacks – including these two – private cryptographic keys were stolen, enabling the malicious actors to not only access data, but also bypass multiple important security mechanisms. In the Mimecast attack, attackers compromised a certificate used to authenticate services to Microsoft 365 Exchange; in the SolarWinds incident, attackers forged code used in an Orion update under the guise of a legitimate update, with legitimate code.
While the attacks differ slightly in their mechanics, the target – cryptographic keys and private encryption keys – was the same. Keys are the single point of failure in any data protection scheme, and one which is often overlooked.
Organizations should ensure that client keys – and, indeed, their own cryptographic keys – are protected in every data center or storage silo, including on-premise storage, in databases, on clouds, and in mobile applications and endpoints. This is where Unbound can help.
MSPs and MSSPs can deploy secure key management on any system with Unbound CORE.
Unbound CORE utilizes multiparty computation (“MPC”) to split the cryptographic keys between multiple machines, endpoints, or servers, and carries out computations without ever uniting the key shares. In addition, with Unbound, key shares on servers and mobile devices are refreshed at frequent intervals (every hour, by default) so that although the key remains the same, the material held by each machine or device is completely rerandomized. This means that an attacker must simultaneously breach both machines to learn anything; revealing one share before a refresh and the other share after a refresh reveals nothing at all about the key.
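The split-and-refresh idea can be seen in a two-party additive sharing sketch. This is an added example, not Unbound's code or protocol: the parameters `P`, `Q`, `G` and all function names are assumptions chosen for illustration, and the refresh value is drawn in one place here, whereas a real deployment would generate it jointly between the parties.

```python
import secrets

# Toy parameters (constructed for illustration, not production-grade).
P = 2**127 - 1   # Mersenne prime modulus
Q = P - 1        # exponents are shared additively modulo P - 1
G = 3            # base for the example exponentiation

def split(key):
    """Split key into two additive shares: key = s1 + s2 (mod Q)."""
    s1 = secrets.randbelow(Q)
    return s1, (key - s1) % Q

def refresh(s1, s2):
    """Rerandomize both shares; their sum (the key) is unchanged."""
    r = secrets.randbelow(Q)
    return (s1 + r) % Q, (s2 - r) % Q

def combine(s1, s2):
    """Reunites the shares. Used only to check the demo."""
    return (s1 + s2) % Q

def partial_pow(share):
    """Each party exponentiates locally with its own share only."""
    return pow(G, share, P)

def joint_public_value(s1, s2):
    """G^key built from the two partial results; shares never meet."""
    return (partial_pow(s1) * partial_pow(s2)) % P

def demo():
    key = secrets.randbelow(Q)
    old1, old2 = split(key)
    new1, new2 = refresh(old1, old2)
    return {
        # The key itself is untouched by the refresh.
        "same_key_after_refresh": combine(new1, new2) == key,
        # A key operation carried out on separate shares gives the right result.
        "joint_matches_direct": joint_public_value(new1, new2) == pow(G, key, P),
        # One share stolen before the refresh plus the other stolen after it
        # sums to key - r, a uniformly random value unrelated to the key.
        "stale_plus_fresh_recovers_key": combine(old1, new2) == key,
    }

if __name__ == "__main__":
    print(demo())
```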
What does this mean for MS(S)Ps? Unbound CORE is 100% software-defined, but also integrates with legacy hardware storage systems (e.g., Hardware Security Modules). It’s both backwards compatible and post-quantum cryptography ready. And best of all, it’s easy to deploy – taking mere months – providing your customers with secure key management and authentication with FIPS 140-2 Levels 1 & 2 validation as a standalone key protection and management infrastructure and up to FIPS 140-2 Levels 3 & 4 integration when integrated with legacy HSMs and/or additional security systems.
Unbound is also audit-ready for today’s compliance-minded client. While based on a distributed model of trust, the platform also offers a centralized management system for maximum control over operations, transactions, and identity authentications. These deployments can be centralized or decentralized, making Unbound’s solutions ideal for managed service providers; it also provides tamper-proof audit logging, which is easily accessible for quick compliance checks, annual reports, and so on.
Guest blog by Rocco Donnino, VP of strategic alliances at Unbound Security.