The massive SolarWinds breach that took place earlier this year should set a clear precedent: supply chain and third-party risks are only increasing and must be taken seriously. Breaches like this demonstrate that “check-list security” is no longer enough to ensure protection, and that, now more than ever, understanding one’s supply chain network dependencies is critical within a cybersecurity program.
Understanding what supply chain and third-party risks are can be a difficult task, so LookingGlass prepared this white paper to help organizations not only understand those risks but also mitigate and manage them, so that they stay ahead of an exploit.
LACK OF VISIBILITY
Cyber criminals, nation-state hackers, and other malicious actors recognize that the lack of visibility into the supply chain provides an opening for them. The SolarWinds incident was a perfect example. Attackers were able to pivot along the supply chain, locate a hole in the external attack surface, and take advantage of the trust that victims placed in their business partners and suppliers. They used this lack of visibility to deliver malicious code, infiltrate several high-profile companies, and gain access to sensitive information, such as emails within the Department of the Treasury.
This lack of visibility cannot be solved by a simple risk scorecard or periodic audits. To improve your organization’s security, especially down your supply chain, you need to understand the technical reasons behind a vendor’s or supplier’s risk rating and how those technical issues could impact your organization.
IDENTIFY AND ADDRESS MAJOR RISKS WITH THREAT INTELLIGENCE
Threat intelligence complements internal security controls, which is exactly what organizations need to ensure that their ever-expanding external attack surface is protected. When gathered correctly and properly applied, threat intelligence leaves an enterprise better equipped to handle and mitigate risks.
For example, a threat intelligence feed from an industry ISAC (Information Sharing and Analysis Center) could tip you off to a pattern of network scanning, identified by peer organizations, that might indicate the early stages of a hacking attempt, or warn you about a sector-specific threat targeting a vulnerability in a common platform. If your organization uses that platform or sees similar network scanning, your team may need to prioritize certain operations to reduce risk, such as conducting a thorough vulnerability scan or applying a patch when those activities weren’t originally scheduled to occur.
When done right, threat intelligence can be a powerful signal to help identify and address major risks. In the context of supply chain attacks, understanding which sectors your suppliers and vendors are a part of and paying attention to threat intelligence from those sectors – gaining a more holistic view of your ecosystem – is more critical than ever.
CONTINUOUS MONITORING FOR EVER-CHANGING THREATS
Today’s threats are ever-changing, which means a weekly or monthly risk report, while useful, is only a snapshot of an organization’s risks at that moment; by the time the report is read, its information is likely stale. This is why organizations require continuous monitoring of assets such as domain names and IP addresses for indicators of compromise, infection, or illicit use that may increase the organization’s risk. For example, LookingGlass customers can set up collections that continuously assess whether a supplier’s network or IT assets are part of a malicious Command-and-Control (C2) network associated with malware or botnets.
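As an added illustration of that kind of check (example code written for this page, not LookingGlass’ product or the brief’s own code), the Python below matches a constructed supplier asset inventory against a constructed C2 indicator feed, treating CIDR containment in either direction and domain suffixes as hits, and reports only the hits that are new since the last run, which is the difference between a snapshot report and continuous monitoring. All supplier names, addresses and indicators are made-up placeholders drawn from reserved documentation ranges.

```python
import ipaddress

# Constructed supplier asset inventory: hypothetical suppliers and assets.
SUPPLIER_ASSETS = {
    "acme-parts (example supplier)": ["203.0.113.10", "203.0.113.0/28", "portal.acme-parts.example"],
    "widgetco (example supplier)": ["198.51.100.77", "vpn.widgetco.example"],
}

# Constructed C2 indicator feed as (indicator, malware family) pairs.
# Values use documentation ranges and ".example" names, not real indicators.
C2_FEED = [
    ("203.0.113.12", "botnet-A"),
    ("198.51.100.0/24", "loader-B"),
    ("c2.evil.example", "botnet-A"),
    ("portal.acme-parts.example", "stealer-C"),
]

_NET = (ipaddress.IPv4Network, ipaddress.IPv6Network)


def _parse(value):
    """Return an ip_network for IP/CIDR strings, else a normalised domain name."""
    try:
        return ipaddress.ip_network(value, strict=False)
    except ValueError:
        return value.lower().rstrip(".")


def asset_matches(asset, indicator):
    """True if the asset overlaps the indicator (CIDR either way, or domain/suffix)."""
    a, i = _parse(asset), _parse(indicator)
    if isinstance(a, _NET) and isinstance(i, _NET):
        # A supplier range containing a C2 host is as relevant as a host inside a C2 range.
        return a.version == i.version and (a.subnet_of(i) or i.subnet_of(a))
    if isinstance(a, str) and isinstance(i, str):
        return a == i or a.endswith("." + i)
    return False  # IP vs domain never matches here


def assess_suppliers(assets, feed):
    """Return (supplier, asset, indicator, family) for every asset/indicator hit."""
    return [(s, a, ind, fam) for s, alist in assets.items() for a in alist
            for ind, fam in feed if asset_matches(a, ind)]


def new_hits(previous, current):
    """Hits present in the current assessment but not in the previous one."""
    return [h for h in current if h not in set(previous)]
```

Re-running `assess_suppliers` each time the feed or inventory changes and feeding consecutive results to `new_hits` turns a one-off report into an alert stream.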
Download the complete brief, The Silent Threat: Supply Chain & Third-Party Cyber Risk to learn more about LookingGlass’ findings.
To learn more about how LookingGlass can help you see your supply chain’s vulnerabilities, contact us today.