With geopolitical unrest rocking global supply chain markets, more businesses than ever are vulnerable to cyberattacks. Given today’s precarious landscape, it is essential that companies in supply chain, logistics and manufacturing implement flexible cybersecurity solutions that optimize IT performance and keep organizations safe. .
Supply chain cyberattacks are on the rise. In such attacks, malicious actors gain access to corporate networks by compromising third-party systems. Once criminals insert malicious code into supply chain applications, that software becomes a Trojan horse of sorts.
According to Business Insider India, attacks against supply chains are increasing by 37% every year, and about 40% of all manufacturing brands have faced IT outages during the pandemic. For the first time ever, in March this year, McKinsey listed global supply chain disruptions as a serious business risk.
Imposing minimum security requirements on suppliers
With attackers targeting third-party vendors without adequate cybersecurity controls in place, it’s important to get as much visibility into your software supply chain as possible. Be sure to check your vendors’ security protocols and assess where the software is developed and how it is packaged. To ensure supply chain integrity, request security compliance checks (such as ISO 27001 or CyberEssentials Plus) from all your suppliers. Regularly audit the security of the companies that provide you with software, as well as any open source repositories their developers pull from.
As an important caveat, do not provide your suppliers with prescriptive security advice during audits. Undoubtedly, it is important that your providers properly handle the security of their networks; however, if you advise on specific actions they should take, you may be held liable for any breach.
Adopt a zero-trust mindset
In addition to ensuring that your third-party vendors are certified to regulatory compliance standards, be sure to use a Zero Trust Network Architecture (ZTNA) within your company. This basically means that you should assume that every access request has been compromised. Until you confirm otherwise, IT staff should always assume that there has been a breach in the network.
Supply chain attacks tend to exploit privileged access and software that uses open communication channels. It is therefore important to limit employee access to data, applications and systems at all levels. Employees should only have access to the minimum amount of data necessary (for the least amount of time) that they need to do their job.
Make remediation a priority and use analytics to monitor insider threats
Malicious actors are constantly on the lookout for vulnerabilities within third-party systems, which makes it important to use adequate patch management tools. Good solutions will offer patch deployment for Windows, Mac, and Linux systems, as well as hundreds of third-party systems.
Through the use of User and Entity Behavior Analysis (UEBA) tools, it is easy to detect insider threats. With such tools, any abnormal activity on the network, whether trivial or not, can be flagged, sending an automated alert to IT staff.
Consider using a vendor privileged access management (VPAM) solution
If you work with many vendors, an effective VPAM tool can be a good way to maintain the integrity of your corporate network. When you use applications and systems from outside entities, representatives from those entities may need to troubleshoot and support their products on your network, which may require privileged remote network access.
With a VPAM solution, your IT staff can efficiently identify and authenticate third-party vendor representatives; then, once authenticated, access and permissions can be granted based on user credentials and the task at hand. Additionally, to ensure security compliance, a good VPAM tool will make it easier to monitor, record, and audit sessions.
Have an incident response plan in place
In the event of a successful attack, it is essential to have a strategy in place to minimize damage to your operations and infrastructure. If there has been a data breach, be sure to notify the relevant authorities and your customers.
An effective incident response plan will prevent the suspension of your business activities. Be sure to record all events leading up to the attack, as audit trails will help prevent such an attack from happening again. For more detailed guidance, the National Institute of Standards and Technology (NIST) and the SysAdmin, Audit, Network, and Security Institute (SANS) have established industry-standard incident response frameworks.
It is important to remain vigilant
Even if your organization has never experienced a supply chain attack, it’s important to be vigilant. According to Gartner, 45% of all organizations will experience an attack on their software supply chains by 2025. Additionally, these attacks are particularly harmful because they often go undetected for long periods of time, allowing malicious actors to siphon off invaluable customer data. This can result in hefty fines and immense reputational damage.
Supply chain software attacks have become so prevalent that NIST released a Cybersecurity Supply Chain Risk Management (C-SCRM) Strategy, and President Biden’s Executive Order 14028 Section 4 recently directed NIST to create new standards, tools, and best practices to strengthen supply chain security.
It remains to be seen what it will ultimately look like; however, in the meantime, you can protect your organizations by imposing minimum security requirements on vendors; use a Zero Trust architecture; prioritize fixes; use analytics to monitor insider threats and implement an effective incident response plan.