The threat of cyber attacks against a myriad of industries has been one of the top news stories of 2021. One of the most prominent tactics used by threat actors is exploiting third-party risk by going after an organization’s supply chain. While supply chain cyber attacks expose unique vulnerabilities in all organizations, the threats posed to the Defense Industrial Base (DIB) are arguably the most urgent.
Before diving into threat intelligence, organizations should conduct a risk assessment to understand their business risk. Properly conducted, risk assessments can provide a thorough picture of an organization’s mission, functions, IT, organizational assets, and reputation.
While major cyber attacks and APT groups dominate the news, many organizations are more likely to be plagued by more common threats. In fact, according to a 2021 Threat Hunting report, the most common attacks observed by practitioners are malware, phishing, network intrusion, and ransomware.
Threat Hunting is critical for any digitally connected organization to promote proper security hygiene, reduce compromise dwell time and exposure, discover gaps, and reduce the exposed attack surface. Today’s sophisticated and targeted threats require active hunting rather than passive detection to keep an organization safe and secure via investigation and anomaly detection tailored toward organization-specific services and implementations.
Because of the relative newness of the field and the demand for cybersecurity talent, there’s an assumption that only the most sophisticated organizations are able to leverage threat hunting activities. However, in reality, organizations do not have to be highly resourced or sophisticated to effectively leverage threat hunting to protect themselves from cyber risks.
Cyber threat intelligence — properly gathered, refined, and applied — can help organizations recognize cyber risks and implement protections that specifically address the most serious risks to the integrity and functioning of their organization.
The massive SolarWinds breach that took place earlier this year should set a clear precedent that supply chain and third-party risks are only increasing and should be taken very seriously. These breaches demonstrate that “check-list security” is no longer enough to ensure protection, and that, now more than ever, understanding one’s supply chain network dependencies is critical within a cybersecurity program.
The current exploit release cycle is as consistent as moon phases. The financial profitability of both creator and exploiter is higher than ever, with no signs of slowing down.
We’ve come a long way as an industry. Time moves fast when you get older. It seems like yesterday I was trying to convince people of the value of doing basic network segmentation across data centers.