Supply chain attacks are not new, but as the recent SolarWinds hack demonstrated, they may be destructive and have far-reaching implications.
According to the 2020 State of the Software Supply Chain report, the supply chain is now the target of 50% of all cyber-attacks, and supply chain attacks have increased by 430% in the last year.
Supply chains are an important aspect of corporate operations, yet they are often extensive and diverse, and they cross multiple countries. Typically, they will not have the same strong cybersecurity defenses in place, leaving hackers with a plethora of vulnerabilities to attack.
As supply chain attacks get more complex and common, firms must take the necessary precautions to avoid risk. The following are some concrete initiatives that an organization can take:
Honeytokens function like tripwires, alerting firms to unusual behavior inside their network. They are phony resources masquerading as sensitive information. Attackers mistake these decoy resources for valuable assets, and when they engage with them, a warning is sent to the targeted company, alerting it to an attack attempt. This provides enterprises with early warnings of data breach attempts as well as details on each breaching technique.
Using this intelligence, companies can isolate the exact resources being attacked and implement the most efficient incident response measures for each cyber-attack strategy. Honeytokens could potentially betray the location and identity of a cyber-attacker if the attacker is not operating behind a firewall.
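The tripwire idea above can be sketched as a small log scanner. This is an added example, not code from the original article; the decoy names, the log format, and the sample lines are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed decoys: never issued to a real user or service, so any
# appearance in a log is suspicious by definition.
HONEYTOKENS = {
    "/finance/payroll_2021_backup.xlsx": "decoy file on the shared drive",
    "svc-backup-legacy": "decoy service account in the directory",
}

# Assumed log format (hypothetical): timestamp, source IP, user, action, target.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) target=(?P<target>\S+)$"
)

@dataclass(frozen=True)
class Alert:
    timestamp: str    # when the decoy was touched
    source: str       # where the request came from
    token: str        # which decoy was touched (the resource being attacked)
    description: str
    action: str       # how it was touched (the technique)

def scan(lines):
    """Return one Alert for every honeytoken referenced in a log line."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, not treated as clean
        for field in ("user", "target"):
            value = m[field]
            if value in HONEYTOKENS:
                alerts.append(Alert(m["ts"], m["src"], value,
                                    HONEYTOKENS[value], m["action"]))
    return alerts

# Constructed sample log; IPs are from documentation-only ranges.
SAMPLE_LOG = [
    "2021-03-02T09:14:07Z src=192.0.2.10 user=alice action=read target=/projects/roadmap.docx",
    "2021-03-02T09:15:41Z src=203.0.113.45 user=bob action=read target=/finance/payroll_2021_backup.xlsx",
    "2021-03-02T09:16:02Z src=198.51.100.7 user=svc-backup-legacy action=login target=vpn-gateway",
    "2021-03-02T09:17:30Z src=192.0.2.11 user=carol action=write target=/projects/notes.txt",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Because legitimate users have no reason to touch a decoy, every alert is high-signal: it names the resource targeted, the action attempted, and the source address observed.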
Examine and comprehend the supplier network
Businesses and vendors must establish a sense of trust and transparency about what data is available, who can access it, and how it will be utilized when using third-party service providers who have virtual access to an organization’s information systems.
Businesses can work together to track risk indicators including ownership, manufacturing sites, supplier relationships, and available attack surface by developing relationships with suppliers. Businesses can start by implementing constant monitoring throughout the product life cycle, using open source technologies to perform deep multidimensional analytics, and eventually expanding the range of scrutiny to include subcontractors. Enterprises should consider putting security controls and periodic auditing expectations in vendor contracts to ensure that their chosen vendors are subjected to the same level of scrutiny as their own internal operations.
Keep tabs on trusted and authorized software
Since no one was looking for it, the SolarWinds hack went far and wide—it was treachery from within an ally’s camp, well beyond the reach of firewalls and other security countermeasures. Organizations will need to monitor the behavior of their trusted software, which includes antivirus, corporate productivity software, and more, to protect themselves from a supply chain attack like SolarWinds.
A data loss prevention (DLP) solution is one of the greatest tools for keeping track of data flow. Companies that already have a DLP should examine how they are employing it. DLPs have a bad record since they are expensive, time-consuming to manage, and can generate a lot of false warnings. In practice, DLPs are frequently designed to cast a net that is too wide, or they are underutilized for the reasons stated above.
The number of false alerts can be reduced by focusing the DLP on a select set of data—the company’s most valuable and sensitive data. In effect, the DLP acts as an internal watchdog to ensure that trusted programs are not the source of data leakage or abuse.