The era of “mind your own corporate cybersecurity” is gone. Time to mind mutual cybersecurity risks or risk business collapse!
The Log4j vulnerability has served as a timely, poignant reminder for organizations to step up their supply chain cyber defenses.
As seen in the SolarWinds and Kaseya cyber supply chain incidents, any form of attack or disruption to third-party digital supply chain vendors can have far-reaching consequences, quickly escalating into major incidents affecting thousands of customers and critical operations.
While most enterprises typically have robust cyber defenses in place, threat actors can exploit supply chain weaknesses to circumvent those defenses. Any weak link in an organization’s increasingly complex and vast network of partners, vendors and suppliers can be exploited and used as a point of entry. Evidently, containing such attacks presents a massive challenge.
Downfall via the weakest links
While organizations are increasingly cognizant of the need to enhance cybersecurity measures and attain greater visibility of all risk profiles in their internal networks, they now also need to eliminate the risks that come from allowing external parties into the network.
To mitigate the risks from their supply chains, organizations must enhance visibility across the entire ecosystem and extend their cybersecurity practices to their key suppliers. Here are four key strategies:
- Implement third-party risk assessment and monitoring services
Organizations need to establish an assessment and compliance regime by maintaining an inventory of key suppliers and service providers, in order to maintain an appropriate risk position.
This regime covers aspects such as asset and inventory reviews, monitoring of all third-party access routes, insider-threat monitoring, as well as visibility of shadow IT assets and data management.
Furthermore, organizations should leverage services that combine automation and threat intelligence with a risk-based approach. This helps them expand and improve their visibility into the key areas of their interconnected supply chain ecosystem. This process also reduces the impact of third-party cyber risks, now a critical requirement in vendor management.
- Adopt a proactive cybersecurity posture
Supply chain threats usually involve multiple attack techniques. Cybersecurity professionals need solutions that combine advanced behavioral analytics, AI and network traffic security analytics (NTSA) to detect and intercept command-and-control activities.
Further, organizations can bolster their cyber defenses by implementing endpoint detection and response (EDR), together with extended detection and response (XDR) solutions, to enhance detection of the lateral movement of cyber threats in the network.
By being proactive (instead of reactive) in hunting down cyber threats, organizations become better prepared to mitigate any cyber incident.
- Establish an incident response playbook
This playbook should include possible containment plans and strategies to contain the vulnerabilities, and should also provide reassurance and protection to affected individuals, regardless of whether the cyber incident happens within the organization or stems from a breach at an external supplier.
- Maintain good cyber hygiene practices
This includes regularly closing unused ports and updating systems with the latest patches. Organizations should also establish access and authorizations based on the principles of least privilege and segregation of duties.
Moreover, continuous scenario-based attack simulation (SBS) tests can be used to regularly explore insider attack scenarios and their implications. This can help organizations evaluate the readiness of their incident response and recovery capabilities for different cyber incident scenarios.
It is also advisable to scale up the security operations team when responding to a cyber incident, in order to reduce recovery time and service impact.
As outsourcing is a critical part of IT operations in most organizations, the prevalence and severe impact of supply chain cyberattacks dictate that processes, policies, and procedures must be expanded to include all external stakeholders.
Over the next few years, cybersecurity ratings will become increasingly crucial in how organizations determine the risk of business relationships with external vendors.