
Mo Cashman at Trellix explains what to do if a link in the supply chain breaks
A tough economic climate and changing customer preferences have resulted in many UK businesses folding in the past few years. Most recently Wilko’s, a British retail giant, went into administration and cyber-criminals wasted no time in exploiting the company’s position by spinning up fake websites to scam customers looking for a deal.
However, this may be the tip of the iceberg in terms of cyber-criminal activity following a company’s collapse. How can a failed business protect the sensitive data it holds – especially on employees, customers, and suppliers – what happens to its cyber-security posture, and how does this affect companies within the supply chain?
Managing cyber-risk during bankruptcy is a critical area of supply chain security. The transitionary period presents a risk to companies doing business with the firm in administration as well as the firm itself. External threats may launch direct attacks against the failing company, taking advantage of potential weaknesses in cyber-defence. There’s also an increased risk of insider threats.
But how exactly can organisations implement the right tools to protect themselves and their partners when faced with administration, and maintain cyber-resiliency?
The first step is to understand the role of the security operations (SecOps) team, and how it integrates into the wider security function. As the focal point of cyber-security operations, security teams need to have full visibility over the threat landscape. This includes identifying and mapping organisations across the full supply chain, and accounting for any vulnerabilities.
Once the attack surface has been fully visualised, SecOps teams have the additional challenge of undertaking active monitoring and analysis of remote access attempts. This can be particularly difficult as security teams are often relying on siloed solutions or out-of-date technology; something over a third (37%) of CISOs acknowledge as a key challenge in protecting their organisation.
This is where integrating tools like XDR comes to the fore. By coalescing endpoint, network, email, and data traffic monitoring, and marrying this with AI and machine learning, security functions have full agency. By automating threat detection and analysis as part of active monitoring across the full supply chain, businesses can alleviate the pressures placed on CISOs and their teams.
Protection along the supply chain isn’t isolated to individual organisations. There needs to be an element of data sharing and intelligence sharing at all levels to reinforce any weak links. Regional teams and government bodies like the Joint Cyber Defence Collaborative (JCDC) and the National Cyber Security Centre (NCSC) offer timely intelligence and threat telemetry. Organisations can leverage these fresh insights to keep their preventative activity, like regular penetration testing, up to date.
Sometimes vulnerabilities slip through the cracks, most notably from internal compromise. Their very nature means they can often be difficult to detect, and the shapes these vulnerabilities take vary case by case. However, our research found that almost half (45%) of security threats are due to employee error, followed by 39% arising from malicious insider threats.
This doesn’t come as a full surprise. Over the past year, telemetry has illustrated a steep increase in spear phishing and social engineering attempts targeting specific individuals within government and industry organisations.
It’s essential for employees and team members to be educated on how to recognise these tactics, and the correct pathways to report incidents and attempts. Subsequently, the responsibility falls on CISOs and their SecOps teams to share these detections and any associated intelligence with other partners and contractors. This encourages a secure ecosystem across the chain.
The first step in implementing a robust and resilient cyber-security environment is understanding organisational cyber-risk. By aligning the controls in place with risk management, business units can begin to integrate zero trust policies into their operations.
Being mindful of security threats needs to be reflected in the company-wide culture, and this starts with setting the correct tone at the top. In fact, the vast majority (96%) of UK CISOs surveyed found that a lack of buy-in from the board significantly affected the SecOps teams’ ability to maintain cyber-security strength.
Bearing in mind the impact from malicious insider threats and the need for thorough education and training at all levels, this can only be done by simplifying the language around cyber-security.
With a robust security strategy in place, SecOps teams will have a far easier time bringing board level individuals in line with their needs. Setting things out in a straightforward way allows decision makers to allocate the appropriate resources for the right tools. This minimises workload and enables the SecOps team to be more effective. By eliminating disjointed, isolated solutions, and utilising robust tools like XDR to offer deeper, more transparent insights, cyber-security defence can be strengthened.
Overall, when organisations and businesses enter administrative proceedings, it can create a feeding ground for malicious threat actors seeking to exploit customers and businesses within the supply chain bubble. It’s vital for contractors, partners and other companies that are a part of the process to be fully aware of the security risks and implications when these events occur.
With an understanding of the full cyber-security landscape, and with comprehensive data mapping and attack surface analysis, critical vulnerabilities can be analysed. This allows SecOps teams to simplify the risks and present them across all organisations in a concise way, creating a security-minded ecosystem.
Utilising more robust tools like XDR to facilitate faster detection and response ensures cyber-resilience and protects the entire supply chain.
Mo Cashman is EMEA Field CTO at Trellix