Tag Archives: suppliers

Supply Chain Attacks Surged By 42% in 2022. Here’s Why.

Increase in supply chain attacks

There’s been a massive and recent increase in the awareness of supply chain attacks. Significant investment going to tools and strategies to protect supply chains against attack have been poured into business plans, but this isn’t helping. You would think that all of this time and effort would in turn bring a decline to these threats, but you’d be wrong.

 

Quite the contrary actually. According to research from PurpleSec, supply chain attacks rose by 42% in 2022, and 64% of businesses have now been affected by supply chain software attacks.

 

Recent Supply Chain Attacks

In the case of the SolarWinds attack, malicious code inside a popular IT monitoring platform gave hackers a back door into thousands of IT networks. Similar breaches occurred in the Colonial Pipeline attack, where a leaked password caused massive panic, and in the Kaseya and Log4j breaches, which were also examples of supply chain attacks in which breaches in third-party software tools exposed a large number of businesses to attack.
 

The Appeal Of Supply Chain Attacks

Exacerbating matters further is the fact that a single supply chain breach allows attackers to target hundreds or thousands of victims by seizing upon just one vulnerability and one attack technique. From the hacker’s perspective, the ROI on supply chain attacks is exponentially higher than a traditional attack, wherein a single business is placed at risk.

 

As TechTarget explains, “supply chain attacks are difficult to detect, as they rely on software that has already been trusted and can be widely distributed.

 

Why Supply Chain Attacks Continue To Rise

 

Both of these factors – the difficulty of preventing supply chain attacks and the advantages of supply chain attacks from an attackers perspective – help to explain why supply chain attacks remain so pervasive – to the point that supply chain attacks will increase by 400 percent, according to the European Union Agency for Cybersecurity (ENISA), which adds that “strong security protection is no longer enough for organizations when attackers have already shifted their attention to suppliers.”

In other words, traditional approaches to defending against cybersecurity risks – such as hardening servers against attack, enforcing strong access controls and deploying malware scanners – aren’t very effective in cases where the bad guys break in by breaching your supply chain. If your IT systems are configured to trust software delivered to them by third-party suppliers, no amount of access controls or virus scanners are going to protect against flaws within those third-party systems. Conventional security controls only protect against threats that originate internally, which means they don’t address supply chain attacks.

 

What You Can Do: How To Stop Supply Chain Attacks

 

Fortunately, there are practices that can help to prevent supply chain attacks, even for organizations with complex supply chains:

 

  1. Implement Zero Trust

Zero trust means configuring IT resources so that they do not trust any other resources –internal or external – by default. They only share data and interact with resources that are explicitly validated to be secure. Zero trust policies can help to mitigate supply chain attacks by ensuring that servers, applications and other resources only trust third-party software if that software has been scanned and vetted to be secure.

 

  1. Gain Asset Visibility

Visibility – specifically, visibility into which supply chain assets exist and which risks impact them – goes a long way toward preventing supply chain attacks. Businesses should be able to identify risky assets, determine the root cause of the risks and remediate risks in a proactive manner.

 


 

 

  1. Work With Suppliers

Effective supply chain security management means not just cutting off suppliers who might place the supply chain at risk, but working with them to identify potential breach points and ensure transparency in the face of risks. Vulnerability Disclosure Programs can help here by providing a systematic means of identifying and responding to supply chain attack risks.

 

 

 Findings can help with all of these initiatives by providing automated visibility into your entire supply chain so that you know when and where risks arise. In addition, Findings helps you assess vendor compliance and manage vulnerability disclosure policies, ensuring that you’re prepared to react quickly when your supply chain becomes vulnerable to attack.

 

 

Learn more about how to prevent supply chain attacks with Findings.

Supply Chain Risk Monitoring as a Service
Join us today
Supply Chain Risk Monitoring as a Service
Join us today
Waitlist signup

Welcome to Findings

Let's go over some details to setup your tailor-made account


Please fill your details below and click "Next" to create your account:

Payment

Feature
Startup
Business
Enterprise
Price
$10 / Month
$10 / Month
$25 / Month
VDPaaS
Alerts
Assessments
Integrated Apps
API
Join today and scan ALL YOUR VENDORS for FREE*
* FREE VENDOR SCAN for all of your vendors during your first month.
Feature
Startup
Business
Enterprise
Price
$25 / Month
$200 / Month*
Contact Us
Free vendors scan for 1 month
Findings search engine
Rapid security and compliance profile
Profile/showcase engagements per year
5
40
Unlimited
Multi/unlimited showcase use cases
Showcase compliance badge for your website
Best practice self-assessment
1 Findings or 1 BYOC
Assessment response automation
Personalizable, branded security & compliance showcase page
File/evidence repository
OKTA
DKIM
Out-of-the-box TPRM
20 vendors +
20 rating scans
50 vendors +
50 rating scans
Support
Email
Priority via Phone / Email
Internal Workflows (SO/BO)
Onboarding and customization account setup
*Price for every 40 engagements
Automate assessment response and showcase your cybersecurity posture
Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!

Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!