The Snowflake hack did not end with data breaches but has evolved into a concerning set of cyber attacks.
Recap of the Snowflake hack
Last week, a data breach targeting Snowflake, a prominent data cloud platform used by financial services and Alternative Investment Managers, made headlines. Hackers used stolen credentials for user profiles that did not have multi-factor authentication (MFA) enabled to access Snowflake accounts.
Read: The Snowflake hack: A wake-up call for Alternative Investment Managers
Attack escalations
What started as a breach affecting ~165 organizations has now escalated into a series of ransomware attacks. Cybercriminals continue to use the stolen credentials to launch ransomware campaigns against affected organizations.
What we can learn from the Snowflake hack
1. Confirm your policies on MFA and enforce them.
Your Written Information Security Policy (WISP) should have a clear policy on the use of Multi-Factor Authentication (MFA), particularly for the Cloud and Software-as-a-Service (SaaS) platforms in use by the business. Your team should review the implementation and confirm that it meets your policies.
2. Perform a Vendor Risk Assessment.
To protect your organization, conduct a thorough Vendor Risk Assessment. Evaluate how much personally identifiable information (PII) your vendors store and transmit on your behalf. Understanding the extent of your data exposure with each vendor is crucial for identifying potential risks and implementing appropriate security measures.
What’s next
Safeguard your firm’s sensitive data with Cyber Risk and Vendor Risk Assessments from Drawbridge. We identify cyber risks (including access management) by severity and eliminate the need for your team to chase down due diligence questionnaires from every vendor.
Beyond our innovative solutions, our Client Success team of cyber experts provides tailored policies to help you build and optimize a robust cyber posture, meeting the expectations of board members, investors, and regulators.
Contact us today to learn more about our Cyber Risk Assessment, Vendor Risk Assessment, and other cyber assessments tailored specifically for Alternative Investment Managers.