The Snowflake Incident: Lessons for Third-Party Risk Management

The recent Snowflake incident has sent shockwaves through the cybersecurity community, highlighting the critical importance of robust third-party risk management. This high-profile data breach, which resulted from compromised credentials, has exposed the vulnerabilities that can arise when organizations rely on external vendors. The incident has significantly impacted customer data security, potentially leading to data theft and causing substantial reputational damage to the cloud data warehousing giant.

As the dust settles, Chief Information Security Officers (CISOs) and cybersecurity professionals are looking hard at their current third-party risk management strategies. This article delves into the lessons learned from the Snowflake incident, exploring the challenges of managing third-party risks in today’s complex digital landscape. We’ll examine effective strategies to mitigate these risks, including implementing vendor risk assessment tools and advanced attack surface monitoring solutions. By understanding the financial and operational impacts of such cybersecurity incidents, organizations can better prepare themselves to safeguard their assets and maintain trust in an increasingly interconnected business environment.

Snowflake Incident: A Wake-Up Call for Cybersecurity

Overview of the Breach

The high-profile Snowflake breach, discovered on May 23, 2024, involved unauthorized access to numerous customer accounts, exposing vast amounts of sensitive data. The incident has affected several major companies, including Santander Bank, Ticketmaster, LendingTree, Advance Auto Parts, and AT&T.

The breach’s scope is alarming, with reports suggesting that hundreds of millions of records have been compromised. In one instance, a threat actor claimed to have obtained 380 million customer details from Advance Auto Parts and data linked to 190 million people from LendingTree and its subsidiary QuoteWizard. AT&T determined that the breach had affected roughly 70 million past or present customers. The Ticketmaster data breach alone allegedly involves over 560 million customer records, potentially marking it as one of the largest US data breaches in recent history.

Implications for Cloud Service Providers

This incident has significant implications for cloud service providers and their customers. The breach was not the result of a single vulnerability but rather a sophisticated, multi-pronged attack. Brad Jones, Snowflake’s Chief Information Security Officer, explained that the breach was orchestrated through a combination of phishing, malware, and info-stealing tools.

Key factors contributing to the breach include:

  1. Lack of Multi-Factor Authentication (MFA): Snowflake’s policy of not automatically enrolling or requiring customers to use MFA left many accounts vulnerable. This decision has drawn criticism from cybersecurity experts.
  2. Outdated Credentials: Many of the stolen credentials were years old, indicating a dangerous lapse in regular password rotation practices.
  3. Absence of Network Allow Lists: The impacted Snowflake customer instances lacked network allow lists, which would have granted access only to trusted locations.
  4. Infostealer Malware: The attackers utilized login credentials from compromised devices, specifically targeting accounts protected only by single-factor authentication.
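As an added illustration (not code from the article or from Snowflake), the first three factors can be checked mechanically against an account inventory and recent logins. The record fields, the 90-day rotation threshold, and the sample data below are assumptions constructed for this example.

```python
from datetime import date
from ipaddress import ip_address, ip_network

MAX_PASSWORD_AGE_DAYS = 90  # assumed rotation policy, not a figure from the article

# Constructed inventory; field names are hypothetical, not a Snowflake export format.
ACCOUNTS = [
    {"user": "etl_svc", "mfa": False, "password_set": "2020-11-02", "allow_list": []},
    {"user": "analyst1", "mfa": True, "password_set": "2024-04-15",
     "allow_list": ["203.0.113.0/24"]},
    {"user": "dba_admin", "mfa": False, "password_set": "2024-05-01",
     "allow_list": ["198.51.100.0/24"]},
]

# Constructed login events using documentation IP ranges.
LOGINS = [
    {"user": "etl_svc", "source_ip": "192.0.2.44"},
    {"user": "analyst1", "source_ip": "203.0.113.7"},
    {"user": "dba_admin", "source_ip": "192.0.2.90"},
]

def audit_account(acct, today):
    """Return the control gaps (factors 1-3 above) present on one account."""
    findings = []
    if not acct["mfa"]:
        findings.append("no_mfa")
    age_days = (today - date.fromisoformat(acct["password_set"])).days
    if age_days > MAX_PASSWORD_AGE_DAYS:
        findings.append("stale_password")
    if not acct["allow_list"]:
        findings.append("no_network_allow_list")
    return findings

def login_allowed(acct, source_ip):
    """With an allow list only listed networks pass; without one, any source passes."""
    if not acct["allow_list"]:
        return True
    return any(ip_address(source_ip) in ip_network(cidr) for cidr in acct["allow_list"])

def review(accounts, logins, today):
    """Audit every account and list users whose logins an allow list would reject."""
    by_user = {a["user"]: a for a in accounts}
    report = {a["user"]: audit_account(a, today) for a in accounts}
    rejected = [l["user"] for l in logins
                if not login_allowed(by_user[l["user"]], l["source_ip"])]
    return report, rejected

if __name__ == "__main__":
    report, rejected = review(ACCOUNTS, LOGINS, date(2024, 5, 23))
    for user, findings in report.items():
        print(user, findings or "ok")
    print("logins an allow list would reject:", rejected)
```

The `etl_svc` record shows the combination the list describes: an old single-factor credential with no network restriction passes every check at login time, while `dba_admin` lacks MFA but is still protected from an untrusted source by its allow list.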

The consequences of this breach extend beyond data loss. Snowflake’s stock price has fallen by more than 20 percent since the breach was made public, highlighting both financial losses and reputational damage. Additionally, international regulatory agencies have taken notice, with investigations initiated by the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC) in the United States.

This incident is a stark reminder of the critical importance of robust cybersecurity measures in cloud environments. It underscores the need for cloud service providers to implement and enforce stringent security protocols, including mandatory MFA, regular credential rotation, and network access controls. For CISOs and cybersecurity professionals, this breach emphasizes the necessity of comprehensive third-party risk management strategies to protect sensitive data in an increasingly interconnected digital landscape.

Third-Party Risk Management: Current Challenges

As organizations increasingly rely on third-party relationships to enhance competitiveness and expand operations, the complexity of managing associated risks has grown exponentially. Chief Information Security Officers (CISOs) and cybersecurity professionals face a multitude of challenges in implementing effective third-party risk management (TPRM).

Complexities in Modern Supply Chains

Modern supply chains have become intricate webs spanning multiple countries and involving numerous subcontractors. This complexity introduces layers of risks that organizations must navigate carefully. A robust TPRM system needs to assess not only the direct risks posed by primary vendors but also evaluate the risks presented by secondary and tertiary suppliers.

The interdependence of business ecosystems has made TPRM a critical component of corporate strategy. When a business outsources part of its processes to an external party, it undertakes several risks that can be complicated to manage. This complexity is further exacerbated by the fact that 83% of organizations surveyed experienced multiple data breaches due to third-party system integration.

Inadequacies in Traditional Risk Assessment

Traditional risk assessment methods are proving inadequate in the face of evolving threats and complex third-party relationships. Many organizations still rely on outdated and manual risk management processes, which are insufficient in an age where real-time risk assessment is crucial. Using legacy methods, such as spreadsheets, has become a significant barrier to effective TPRM.

The lack of visibility into third-party operations leaves organizations vulnerable to unforeseen risks, including ongoing operational risks and financial instability of vendors.

Furthermore, risk assessments often create a false sense of security. Many assessments are conducted by individuals who do not practice cybersecurity, using a checklist approach that may not accurately reflect real-world threats. These assessments can be overly cumbersome, with reviews of hundreds or even thousands of line items, leading to misalignment between IT security teams, senior management, and the board of directors.

Organizations need to adopt a more comprehensive and dynamic approach to TPRM to address these challenges. This includes:

  1. Implementing centralized and automated TPRM processes
  2. Conducting ongoing monitoring and oversight of third-party compliance
  3. Developing incident response and remediation strategies
  4. Adopting a risk-based approach that prioritizes critical activities and higher-risk relationships

By addressing these challenges head-on, CISOs and cybersecurity professionals can better protect their organizations from the evolving landscape of third-party risks in today’s interconnected business environment.

Strategies for Mitigating Third-Party Risks

Developing a Comprehensive Third-Party Risk Framework

To effectively mitigate third-party risks, organizations must establish a robust Third-Party Risk Management (TPRM) framework. This framework should provide a roadmap for building TPRM programs based on industry-standard best practices and serve as a foundation for baseline control requirements for vendors and suppliers. A well-structured TPRM framework helps organizations identify, assess, and manage risks associated with outsourcing work to third parties, including partners, resellers, contractors, and suppliers.

Critical components of a comprehensive TPRM framework include:

  1. Risk Identification: Accurately detect third-party risks across relevant risk profiles, such as regulatory compliance, cyber framework alignment, and software vulnerabilities.
  2. Risk Analysis: Evaluate the scope of detected third-party risks and project the impact of specific remediation tasks.
  3. Risk Management: Implement a workflow that addresses the complete risk management lifecycle, from detection and assessment through to remediation.
  4. Risk Monitoring: Provide a means of tracking the efficacy of remediation efforts and the emergence of new third-party risks.

Organizations can leverage frameworks such as NIST 800-161, ISO 27036, and Shared Assessments to guide the development of their TPRM programs. These frameworks offer valuable controls and information for mitigating risks from third-party relationships.

Leveraging Technology for Continuous Monitoring and Assessment

Continuous monitoring is crucial for evaluating and detecting security and compliance issues in real-time, providing a constant view of the third-party risk landscape. Implementing technology solutions for ongoing monitoring offers several benefits:

  1. Proactive Approach: Real-time insights into vendors enable organizations to observe movements against risk thresholds that require assessment based on changes to security posture rather than calendar dates.
  2. Time and Resource Savings: Continuous monitoring helps reduce the investment required for manual assessments, which can be slow and costly, especially for organizations with hundreds or thousands of vendors.
  3. Objective Context: Leveraging objective, externally observable information helps verify vendors’ security practices and flag areas for follow-up, reducing human error and inaccuracies.

Fostering a Culture of Security Awareness

Building a culture of security awareness is essential for effectively mitigating third-party risks. This involves educating employees, third-party contractors, and stakeholders about their roles in maintaining information security.

By implementing these strategies, organizations can significantly enhance their third-party risk management capabilities, reducing the likelihood of data breaches, operational disruptions, and reputational damage associated with third-party relationships.

Conclusion

The Snowflake incident serves as a wake-up call for CISOs and cybersecurity professionals, highlighting the critical need for robust third-party risk management strategies.

To effectively mitigate third-party risks, companies must develop a holistic approach that combines a strong risk management framework with cutting-edge technology for continuous monitoring. It is essential that organizations incorporate attack surface monitoring and AI into their vendor risk management programs. By continuously monitoring vendors’ security postures, organizations can identify vulnerabilities before attackers exploit them.

Get in touch with ProcessBolt’s third-party risk experts to discuss how the latest innovations in attack surface monitoring and AI can be used to prevent third-party breaches.
