The recent cyberattacks targeting over 160 Snowflake customers, including major organisations like Santander and Ticketmaster, have sent shockwaves through the cybersecurity landscape. These breaches, perpetrated by a financially motivated threat actor tracked as UNC5537, have not only exposed vulnerabilities in Snowflake’s customers’ security protocols but also highlighted the broader risks associated with shadow IT and the urgent need for multi-factor authentication (MFA).
Shadow IT: Users are an organisation’s cyber security Achilles’ heel
Shadow IT, the use of unauthorised technology or software within an organisation, often without the knowledge or approval of IT departments, has emerged as a significant cybersecurity risk factor. In the Snowflake breach, the infostealer malware used to steal credentials was found on personal computers belonging to third-party contractors. These devices, often used for both work and personal tasks, provided a vulnerable entry point for the attackers.
The consequences of unmonitored shadow IT practices extend far beyond the Snowflake incident. When employees or contractors use unsanctioned devices or software, they expose the organisation to a range of threats, including malware infections, data breaches, and compliance violations. The lack of visibility and control around shadow IT assets makes it difficult for security teams to detect and respond to potential threats promptly.
MFA: A Vital Line of Defence
The Snowflake breach has also highlighted the critical importance of multi-factor authentication (MFA). MFA adds an extra layer of security by requiring users to provide multiple forms of verification, such as a password and a unique code sent to their mobile device, to access sensitive systems and data.
In the Snowflake incident, the absence of MFA on the compromised accounts allowed threat actors to easily gain unauthorised access using stolen credentials. This underscores the fact that passwords alone are no longer sufficient to protect sensitive information. MFA significantly increases the difficulty for attackers to compromise accounts and data.
What does this mean for organisations going forward?
The Snowflake breach serves as a stark reminder that strong cybersecurity hygiene, including the adoption of MFA and stringent management of shadow IT risks, is crucial for protecting sensitive data. Organisations must take a proactive approach to cybersecurity, implementing comprehensive security measures, educating employees and contractors about the risks of shadow IT, and regularly reviewing and updating their security policies and procedures.
XMA: Your Trusted Partner in Cybersecurity
At XMA, we specialise in supporting our customers cyber security resilience by offering a comprehensive range of services to help organisations enhance their security posture and mitigate the risks associated with shadow IT and inadequate authentication practices.
XMA’s Cyber Security Assessment Services are designed to identify vulnerabilities across your digital landscape, providing actionable insights to strengthen your defences. Our 24/7 Threat Detection and Protection services, trusted by government and law enforcement agencies, offer reliable and comprehensive protection against evolving cyber threats.
The Way Forward
The Snowflake breach is a wake-up call for organisations of all sizes. It underscores the urgent need to address the growing risks associated with shadow IT and the critical importance of implementing robust security measures, including MFA. By partnering with cybersecurity experts like XMA, organisations can take proactive steps to protect their sensitive data and mitigate the ever-evolving threat landscape.
Contact Adam Little, XMA’s Security Lead at adam.little@xma.co.uk to learn more about how we can help you strengthen your cybersecurity defences and safeguard your organisation’s future.
