The “supply chain attack” has been in the hackers’ toolbox for a while. Recently, though, it was front and center with the attack on SolarWinds, which affected at least 18,000 customers and vendors, and, more recently, the attack on USAID. Wikipedia describes a supply chain attack as a cyber-attack that aims to damage an organization by targeting less-secure elements in the software supply chain. By compromising a supplier, hackers can hijack its systems to turn any application they use into a Trojan horse. With one well-placed piece of code, they can create a threat to the networks of a supplier’s customers, sometimes with hundreds or even thousands of victims. The problem gets worse when companies and enterprises rely on unchecked third-party applications. So, are there any ways of mitigating the risks? Let’s try to figure it out.
1. Check industry regulations compliance. The regulatory frameworks are there for a reason. Most of them, like those in the financial sector or healthcare, already require third-party risk testing or have some standards that vendors need to comply with. So, while choosing your software supplier, make sure they can provide auditable proof that they have implemented a security framework and can demonstrate compliance with that framework.
2. Potential insider threats. An insider threat is not necessarily motivated by malicious intentions. In most cases, your team members are simply unaware of the risks associated with their actions. Cyberthreat awareness training will help to mitigate risks related to end-user behavior. In addition, regular employee feedback surveys and an open work culture will address concerns before they grow into hostile insider threats.
3. Limit access to sensitive data. First, make sure that all the sensitive data access points are identified. The more people hold privileged access roles, the more likely an attack becomes. To prevent this, privileged access needs to be kept to a minimum. Additionally, vendor access should be especially scrutinized, given vendors' risk of being the first targets in a supply chain attack.
4. Look through the vendor’s data leak records. Third-party data breaches can be significantly reduced if all vendor data leaks are remediated before cybercriminals discover them. Data leaks make it much easier for hackers to conduct a supply chain attack because they can reveal sensitive intelligence about the state of the whole targeted application. Therefore, one more highly recommended thing to do is to monitor the vendor network for vulnerabilities.
5. Secure privileged access management. The first thing hackers do after breaching a defense is search the IT system for privileged accounts. This is because they are the only accounts that can access sensitive data. When a privileged account is identified, they will try to access all the sensitive data that the account can provide. This sequence is known as the Privileged Pathway and is followed by most cybercriminals.

Check out this short read from Microsoft on how to protect yourself from supply chain attacks. Klik Solutions helps organizations control their third-party security by continuously monitoring for vulnerabilities and data leaks that can be exploited in a supply chain attack. Contact us to protect your business!