What Are We Doing Against Supply Chain Attacks?
- With organizations across the world realizing the importance of securing their networks, attackers are finding ways to infiltrate the target network through supply chains.
- Many small and medium organizations may consider their vendors and third-party partners as trusted networks. As a result, organizations don’t follow the required cybersecurity practices when dealing with them.
This opens up a lot of opportunities for attackers to hack into the targeted organization’s network.
The fight against supply chain threats
Let’s look at the guides, recommendations, and warnings related to supply chain risks that hit the news recently.
The British Security Industry Association (BSIA) published the ‘335 Cyber Secure It - Best Practice Guidelines for Connected Security Systems’ document as a guide for stakeholders in the connected security devices and services supply chain.
The U.S. Department of Defense has released the Cybersecurity Maturity Model Certification framework that mandates the certification of a company to be a part of the DOD supply chain. This framework is expected to be implemented in 2020.
The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has shared a list of recommendations for the federal government to deal with cybersecurity risks associated with its ICT supply chain.
The National Cybersecurity Agency of France that also goes by Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) has published an analysis report on cyber threats that target service providers and design offices with the intention of spying.
The Healthcare and Public Health Sector Coordinating Council (HSCC) has published guidance on supply chain cybersecurity risk management. This guidance is designed for non-IT professionals and enterprise leaders in small and medium-sized healthcare organizations who oversee supplier relations.
These guides provide various recommendations from experts that you can selectively implement depending on the nature of your organization. Exchanging threat information with trusted partners and auditing third-party cyber risk on a regular basis is crucial for all organizations to improve their security posture.
Why it matters
Any organization, irrespective of its size, is susceptible to cyber-attacks. Apart from securing their networks, organizations must also look into other ways hackers might strike, including the supply chain link.