Sony cyber-attack wake-up call to address supply chain issues

Businesses have been told to keep close tabs on the security of their supply chains in the wake of the latest cyber-attack on Sony, which the tech giant confirmed this week.

“I don’t think we have seen the end of MOVEit disclosures yet at all, nor will we any time soon,” said Martin Kraemer, security awareness advocate at KnowBe4.

“This will be a gift that keeps on giving, as attackers – like the Clop gang – seized the opportunity to smash and grab as much as possible, as quickly as possible. They will keep sifting through their plunder and keep releasing information on the dark web as suits their goals.

“The Clop gang is known to attack supply chains as has happened with MOVEit. The incident serves as a timely reminder to keep close tabs on all software (and hardware) supply chains. With the introduction of new regulations, eg NIS-2 in Europe, companies must strive to secure their supply chains. With NIS-2 there even is an element of personal liability of executives for cybersecurity incidents. It is past time organizations took action.”

Darren Guccione, CEO and co-founder at Keeper Security, added: “As cyber teams continue to address the fallout from MOVEit, the news of another breach should serve as a wake-up call to every organisation that this serious zero-day vulnerability must be remediated immediately.

“All organisations should take a proactive approach to regularly update software and immediately patch vulnerabilities that are being actively exploited in the wild. Organisations must ensure they have a patch deployment process defined and written down, with emergency levers for critical vulnerabilities. When organisations have a clear plan, their teams can execute it accordingly.”