By Chris Spargen from HelpSystems
With Gartner predicting that by 2025, 45 percent of organisations worldwide will have experienced attacks on their software supply chains, businesses everywhere need to double down on monitoring and assessing their suppliers' cybersecurity arrangements, and on initiatives designed to reduce the risk of supply chain attacks.
Supply chain attacks have been rapidly increasing in volume and sophistication. Worryingly, however, the UK’s Department for Digital, Culture, Media and Sport reports that despite the fact that many of Britain’s top companies say cyber threats pose a high or very high risk to their business, almost a third had yet to take any preventative action.
As vulnerabilities such as Log4j, a logging library embedded in software applications and online services across the internet, spread through the supply chain, organisations will need to take a more proactive stance on protecting and monitoring their sensitive data, including how it is used, shared or stored, wherever it may be.
Who’s at risk and why?
Organisations in every industry sector, including financial services, healthcare, public sector and defence organisations, hold valuable personally identifiable information (PII) and sensitive data that makes them a top target for cyber attackers. Most organisations are now part of a growing digitally enabled and extended supplier ecosystem. Consequently, organisations large and small will need to rethink their existing technology investments and prioritise their efforts where cybersecurity and data security governance is concerned.
For cybercriminals, supply chains represent a highly tempting target. These highly connected systems often control millions of pounds' worth of payments and shipped goods. A single breach can give threat actors access to core systems and databases in one organisation, and the attack can then cascade to other partners in the ecosystem.
Protecting the supply chain: getting to grips with the key threat vectors
In today's hyper-connected, extended supplier ecosystems, the sending and receiving of information has become essential to the smooth operation of supply chains. This means, at the very least, organisations will need to ensure both they and their suppliers have baseline security controls in place, aligned with frameworks such as Cyber Essentials, NIST, and ISO 27001, alongside good data management controls.
Organisations will also need to adopt a data-centric security strategy to ensure sensitive data is encrypted and secured, both at rest and in motion, and access is restricted to appropriate users only.
In other words, they need to go beyond traditional infrastructure-centric security measures with their multiple layers of defence and protect what really matters: the data itself. This means they'll need full visibility and control of the data they hold: where it is stored, what it contains, and how it is used.
They’ll also need to find ways to enable streamlined collaboration and data exchanges with supply chain partners, ensuring protection is placed around access and use both inside and outside the organisation.
Centralising data flows with managed file transfer
Secure Managed File Transfer solutions centralise, secure, and automate data exchange, enabling organisations to move data anywhere securely, swiftly, and across all environments to support more streamlined and robust collaboration and exchanges.
Featuring built-in tools such as credential management, user access privileges, and certificates, MFT ensures legitimate communications are able to continue. Complementary MFT integrations include antivirus and DLP scanning, which check that inbound transmissions are free of threats and that outbound transmissions do not carry sensitive data out of the organisation. Another popular integration extends rights management to whoever the data is being shared with: for instance, an external trading partner with access to a folder containing data that only they should see would be prevented from sharing that sensitive data with unauthorised users.
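To make the two integrations above concrete, here is an added example (not code from HelpSystems or from any MFT product) of an outbound-transfer policy gate of the kind an MFT platform would apply before releasing a file to an external partner. It combines a per-folder recipient allow-list with a simple DLP content scan: a regex for card-number-shaped digit runs, confirmed with a Luhn check to cut false positives, and a regex for e-mail addresses. The folder ACL, partner account names, and file contents are all constructed for the example; the pattern set is deliberately small and a real DLP engine would carry many more classifiers.

```python
import re
from dataclasses import dataclass, field

# Constructed ACL: which partner accounts may receive files from which folder.
# In a real MFT deployment this would come from the product's access-control store.
FOLDER_ACL = {
    "/partners/acme/invoices": {"acme-trading"},
    "/partners/globex/shipments": {"globex-logistics"},
}

# 13 to 19 digits, optionally separated by spaces or hyphens (card-number shape).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# Deliberately loose e-mail pattern; good enough for a DLP pre-filter.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def dlp_findings(text: str) -> list[str]:
    """Scan file content and return masked descriptions of sensitive items found."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):     # only report digit runs that are plausibly card numbers
            findings.append(f"card-number:{digits[:6]}...{digits[-4:]}")  # masked for logs
    for m in EMAIL_RE.finditer(text):
        findings.append(f"email:{m.group()}")
    return findings


@dataclass
class Decision:
    allowed: bool
    reason: str
    findings: list[str] = field(default_factory=list)


def evaluate_transfer(folder: str, recipient: str, content: str,
                      policy_allows_pii: bool = False) -> Decision:
    """Decide whether an outbound transfer may proceed.

    Order matters: the access check runs first so an unauthorised recipient
    never triggers (or learns about) a content scan on data they may not see.
    """
    allowed_recipients = FOLDER_ACL.get(folder)
    if allowed_recipients is None:
        return Decision(False, "unknown folder")
    if recipient not in allowed_recipients:
        return Decision(False, "recipient not authorised for folder")
    findings = dlp_findings(content)
    if findings and not policy_allows_pii:
        return Decision(False, "sensitive data detected", findings)
    return Decision(True, "ok", findings)


if __name__ == "__main__":
    # Constructed sample transfers, not real data.
    samples = [
        ("/partners/acme/invoices", "acme-trading", "Invoice 42 total 1200 GBP"),
        ("/partners/acme/invoices", "globex-logistics", "Invoice 42 total 1200 GBP"),
        ("/partners/acme/invoices", "acme-trading",
         "card 4111 1111 1111 1111 contact ops@acme.example"),
    ]
    for folder, who, body in samples:
        d = evaluate_transfer(folder, who, body)
        print(f"{folder} -> {who}: allowed={d.allowed} ({d.reason}) {d.findings}")
```

The masking in `dlp_findings` is a design choice worth copying: the audit log records that a card number was found and enough of it to investigate, without the log itself becoming a second copy of the sensitive data.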
Combined with other security practices, such as regular patching and continuous network monitoring, these measures give organisations an effective defence against cyber threats to their supply chains.