Okta breach leads to questions on disclosure, reliance on third-party vendors – CyberScoop
In another supply chain attack, The Lapsus$ hacker group has targeted Microsoft and Okta in recent breaches confirmed by both technology organizations.
Okta is an prominent identity and access management company based in San Francisco. It provides cloud software that helps companies manage and secure user authentication into applications, and for developers to build identity controls into applications, website web services and devices.
Criticism of Okta intensified Thursday in the wake of the company’s announcement that customer accounts were potentially compromised in a security breach via an attack on a third-party contractor’s laptop.
Security experts called the attack a significant event in the history of cybercrime; questioned what can be done to strengthen screening of third-party contractors and prepare for more malicious insiders; and criticized Okta for failing to disclose the breach to customers or the public for more than two months.
Dan Tentler, co-founder of cybersecurity company Phobos Group, called the Okta hack potentially “SolarWinds 2.0,” referring to the 2020 breach of a major U.S. information technology firm whose clients were ultimately affected as the attack cascaded.
The attack continues to highlight the growing prevalence of exposure for all of us to third party supply chain risk.
If you need strategic advice on how to review and actively manage your third party supply chain risk contact us today for a free cyber security gap assessment.