Two things stand out from the Samsung breach. The first is that the supply chain is now a major attack surface, and one that has to be managed as actively and continuously as vulnerabilities are. In practice, that means a continuous threat exposure management programme whose scope covers every significant route to compromise: unpatched vulnerabilities, third-party and supplier access, the external attack surface, misconfigurations, leaked credentials, and whatever else an attacker could use to get in.
The second is the length of time the attackers went undetected. Such long dwell times show that threat detection and response cannot rely solely on alerts from EDR/XDR platforms: an intruder who avoids tripping those alerts will remain invisible to them indefinitely. Detecting stealthy activity inside your environment requires broader detection and response capabilities, up to and including proactive, human-led threat hunting that looks for signs of intrusion rather than waiting for a tool to flag them.
A good starting point is an in-depth compromise assessment to uncover the traces of an intrusion that may already be present in your environment without your knowledge. If that comes back clean, the next step is to review your existing exposure management and threat detection capabilities and raise them to best-practice levels, which materially reduces the likelihood of a successful compromise.