Light Dark
September 30, 2021 By David Bisson 2 min read
Incident Response
Risk Management
Security Services

Supply chain attacks are growing more common. According to the Identity Theft Resource Center (ITRC), there were just 19 supply chain attacks in the final quarter of 2020. In the following quarter, that volume grew to 27 attacks — an increase of 42%. Those incidents in Q1 2021 affected 137 U.S. groups and a total of seven million people. Why are they such a problem? And, how can you protect against them in the course of vendor management?

The second quarter of 2021 brought another increase for supply chain attacks, with the number of incidents growing by 19% to 32. The 59 supply chain attacks detected through June fell just behind the 70 malware-related compromises in H1 2021. So, the training provider predicted that third-party risks stemming from supply chain attacks and other incidents will surpass malware as the third most common source of breaches by the end of the year.

Why Supply Chain Attacks Are So Difficult to Block

Many businesses and agencies struggle to defend themselves against the growing volume of supply chain attacks discussed above. Why? Well, it’s not always easy to ensure defenses after vendor management begins. As reported by Opus, organizations share sensitive information with 583 third parties on average. Those entities all have different policies when it comes to what they do with their clients’ data. Some might not have processes in place that accord with existing policies, for instance. This puts them and their data at risk. Depending on those policies, such risk might persist even after a group terminates its contract with a vendor. Attackers could perform business identity theft using these forgotten accounts and data.

However, IT and security teams must commit a lot of time and resources to review the policies of all their third parties. Putting so much of their time into vendor management would pull personnel away from their current projects and thereby undermine IT resilience and security in other ways. It also wouldn’t account for the other companies to which the vendor connects. Those might retain access to systems or data outside the knowledge of IT and security teams.

Screening: The Beginning of Vendor Management

Keeping in mind the challenges discussed above, it’s key to not delay vendor management until they already have their work agreements in place. That’s why they need to begin screening vendors as part of the process of making those arrangements.

They can do this by requiring an explicit security policy for review during the beginning of vendor management. Such a policy should include information about the vendor’s disaster recovery capabilities, its procedures surrounding the retention of its client information as well as its programs for managing privileged access and for responding to a confirmed security incident. Organizations can review the details of the policy and confirm whether they accord with their requirements. What if they find an area of weakness that they feel could put their systems and/or data at risk? They can refuse to work together or demand that they rectify the issue as a condition of doing so.

Where Vendor Management Goes Next

The work doesn’t end with screening vendors, either. Per CIO, organizations can uphold their other vendor management duties by conducting regular security audits of their third parties’ existing controls and scheduling reviews of those policies on an ongoing basis. Some might struggle to complete those steps on their own. It becomes more difficult with the volume of vendors that they need to manage. As a result, consider automating vendor management using managed software solutions such as privileged access management.

 |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from Incident Response
October 6, 2023

X-Force uncovers global NetScaler Gateway credential harvesting campaign

6 min read - This post was made possible through the contributions of Bastien Lardy, Sebastiano Marinaccio and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related…

September 27, 2023

Tequila OS 2.0: The first forensic Linux distribution in Latin America

3 min read - Incident response teams are stretched thin, and the threats are only intensifying. But new tools are helping bridge the gap for cybersecurity pros in Latin America. IBM Security X-Force Threat Intelligence Index 2023 found that 12% of the security incidents X-force responded to were in Latin America. In comparison, 31% were in the Asia-Pacific, followed by Europe with 28%, North America with 25% and the Middle East with 4%. In the Latin American region, Brazil had 67% of incidents that…

August 31, 2023

Alert fatigue: A 911 cyber call center that never sleeps

4 min read - Imagine running a 911 call center where the switchboard is constantly lit up with incoming calls. The initial question, “What’s your emergency, please?” aims to funnel the event to the right responder for triage and assessment. Over the course of your shift, requests could range from soft-spoken “I’m having a heart attack” pleas to “Where’s my pizza?” freak-outs eating up important resources. Now add into the mix a volume of calls that burnout kicks in and important threats are missed.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature