Lapsus$ Breach of Okta: Third-Party Incident Response

Answer these four questions to determine if you are ready for a third-party cyber incident.
By:
Scott Lang
,
VP, Product Marketing
March 24, 2022
Share:
Blog 0324 okta breach

This week’s announcement by Okta that an attacker gained access to its internal systems serves as the latest reminder that organizations must maintain an up-to-date view of the technologies utilized by their third parties and supply chain partners. Lacking such a view would leave companies exposed to exploitation if one of their vendors is part of the 2.5% of Okta customers impacted by the Lapsus$ breach. What’s worse, if this breach is wider than Okta has acknowledged it could impact more than 15,000 customers and put millions of end-users at risk of compromise.

Four Questions to Answer

Determining your organization’s exposure starts with an understanding of which third-party vendors and suppliers are using the Okta solution, requires an impact assessment and remediation steps, and leverages continuous monitoring of third parties for validation. Start with answering these four questions.

1. Do you have a centralized inventory of all suppliers?

All third parties represent some level of risk to your enterprise, but unmanaged, rogue vendor usage can be even riskier if a proper security evaluation hasn’t been performed. After all, you can’t manage what you can’t see. Inventorying your vendors should be done in a centralized platform – not spreadsheets – so that multiple internal teams can participate in vendor management, and the process can be automated for everyone’s benefit. Then, conduct inherent risk scoring to help you determine how to assess your suppliers on an ongoing basis according to the risks they pose to your business.

2. Can you identify technology concentration risk among your suppliers?

As part of the inventorying process, build a comprehensive profile for every vendor that includes industry and business insights, demographics, 4th-party technology relationships, and other important information. Collecting 4th-party technologies deployed in your supplier ecosystem helps to identify relationships between your organization and third parties based on Okta usage and will help you visualize attack paths into your enterprise and take proactive mitigation steps.

3. Are you assessing impacted third parties for their business resilience and continuity plans?

Proactively engage impacted vendors with simple, targeted assessments that align with known industry supply chain security standards such as NIST 800-161 and ISO 27036. Results from these assessments will help you target needed remediations to close potential security gaps. Good solutions will provide built-in recommendations to speed the remediation process and close those gaps quicker.

4. Are you continuously monitoring impacted vendors and suppliers for cyber-attacks?

Centrally managing vendors, understanding concentration risk, and being more proactive about assessing vendor business resilience plans is a great start. However, you have to be continuously vigilant for the next attack. That’s why you should look for signals of an impending security incident by monitoring the Internet and dark web for your vendor’s cyber threats and vulnerabilities.

Monitoring criminal forums, onion pages, dark web special access forums, threat feeds, paste sites for leaked credentials, security communities, code repositories, and vulnerability and hack/breach databases is essential. You can monitor these sources individually, or you can look for solutions that unify all the insights into a single solution, so all risks are centralized and visible to the enterprise.

9 Steps to a Third-Party Incident Response Plan

When one of your critical vendors is breached, being ready with a prescriptive incident response plan is essential to preventing your company from becoming the next victim.

Read Now
White paper incident response 0421

Third-Party Incident Response: An Ounce of Prevention is Worth a Pound of Cure

The wrong time to test your third-party incident response plan is when a potentially significant breach happens. Delays between a vendor incident and your own risk identification, analysis, and mitigation will leave your organization exposed to operational disruptions. Prevalent can help.

The Prevalent Third-Party Incident Response Service enables you to rapidly identify and mitigate the impact of vendor cyber-security incidents by centrally managing vendors, enabling you to automate event assessments, scoring identified risks, and accessing remediation guidance.

Don’t get caught flat-footed by a third-party cyber-attack you know is coming. Schedule a demo to learn more.

Tags:
Share:
Leadership scott lang
Scott Lang
VP, Product Marketing

Scott Lang has 25 years of experience in security, currently guiding the product marketing strategy for Prevalent’s third-party risk management solutions where he is responsible for product content, launches, messaging and enablement. Prior to joining Prevalent, Scott was senior director of product marketing at privileged access management leader BeyondTrust, and before that director of security solution marketing at Dell, formerly Quest Software.

  • Ready for a demo?
  • Schedule a free personalized solution demonstration to see if Prevalent is a fit for you.
  • Request a Demo