- A company’s cyber vulnerabilities don’t end at its network’s perimeter. They include its extended supply chain of suppliers and partners.
- A supply chain is only as strong as its weakest link. If one participant is vulnerable, every company that is part of the chain and all of their customers are at risk.
- The best defense is to integrate the security measures across all of your vendors and partners — including the specialized threat intelligence and response tools employed by each of these companies.
Alistair Berg/Getty Images
To defend itself against this requires a company to think beyond its own security posture and keep track of the protective measures in place at all of its key suppliers. While this may appear daunting, there are innovative threat intelligence tools that can help handle this chore. But in order to be effective, they must be integrated and able to share a common stream of security data.
WHAT IS A SUPPLY CHAIN ATTACK?
A supply chain attack is a strategy used by cyber criminals, where they break into a less secure network in order to infiltrate others that may be better defended. The concept is nothing new; it’s the modern day version of poisoning the water supply to compromise as many enemies as possible. The attackers aren’t necessarily interested in pilfering their initial victim; they simply want to use it as a doorway into other companies that are their real targets.
As businesses outsource more and more of their activities, they become more vulnerable to this type of exploit. Consequently, supply chain attacks are on the rise. One report found the number of certain types of software supply chain attacks are up 430 percent.[1] And in July 2020, the National Security Agency and the Cybersecurity and Infrastructure Security Agency released a joint advisory statement referring to the rise in cyber attacks throughout the COVID-19 pandemic. It noted that these could include key supply chain technologies, such as third-party warehouse climate controls or automated production lines, which are often connected via the Internet of Things (IoT).
In other words, even when an organization’s security defenses are tightly sealed, there is a very real risk that attackers can still gain access to its network by breaching the systems of its suppliers, partners or service providers.
KEY STEPS TO DEFEND AGAINST A SUPPLY CHAIN BREACH
The implication is clear: No company can consider itself truly secure without also addressing the cybersecurity precautions taken by the participants in its supply chain. Key steps include:
- Expanding the company’s security perimeter to cover its supply chain. Suppliers’ and partners’ hardware, software, services and IoT devices should be treated as if they were part of the company’s own network.
- Identifying what data is shared with which outside parties and how that data is managed and consumed.
- Conducting a security assessment before entering into any contract. Minimal standards should be set that the other party must meet.
- Auditing suppliers and vetting their incident response capabilities.
- Working under the assumption that a breach has already occurred and performing penetration testing as a matter of routine. The value here is that this lets the security team retain the initiative, by allowing it to remain on a proactive footing.
- Exchanging threat intel among supply chain participants. Since attackers frequently use the same techniques across different companies, the simple step of sharing what you know with your partners can significantly bolster everyone’s security.
- Integrating otherwise fragmented threat intel data using SIEM, SOAR and API technologies.
THWARTING SUPPLY CHAIN ATTACKS WITH SIEM, SOAR AND API INTEGRATION
To counter the threat of a supply chain incursion, companies are well served by the latest generation of highly specialized threat intelligence solutions.
Take a breach and attack simulation (BAS) tool like Cymulate for example. BAS solutions can help reduce supply chain risk by conducting ongoing, automated penetration testing. They identify vulnerabilities by mimicking the tactics used by bad actors and showing you where you’re most exposed.
But to get the most out of a BAS tool, it must be integrated with all of the other discrete security tools in your suppliers’ arsenal. As part of a SIEM (security information and event management) solution, the information provided by a BAS and other tools can be distilled and presented on the same workstation. This allows an operator to correlate incidents and identify events that would otherwise be missed if each tool had to be monitored separately. Further integration with a SOAR (security orchestration, analysis and response) platform can automate threat detection and response, greatly reducing the time it takes to spot and counter a supply chain attack.
Off-the-shelf integrations based on open APIs are the final piece of the puzzle, since these allow a wide array of security programs to feed into the SIEM and the SOAR. Mimecast, for example, supports over 100 open APIs and offers off-the-shelf integrations with over 60 leading security vendors, making it possible to share data with tools and programs from up and down your supply chain. In addition to best-in-class cybersecurity protection, you can get visibility into your supplier’s risk profile with SecurityScorecard.
THE BOTTOM LINE
As the business world becomes ever more interconnected, supply chain attacks are destined to grow. To counter this threat, security must be treated as an integral part of the relationship between a company and each of its suppliers and partners. By pooling data and integrating their security solutions using SIEM, SOAR and off-the-shelf integrations based on open APIs, companies can expand their security perimeter to include their entire supply chain and each of its links.
[1] “Sonatype’s 2020 State of the Software Supply Chain Report finds 430% Increase in Next Generation Open Source Cyber Attacks,” Sonatype
