Cybercriminals are using everything from everyday devices like USBs to vulnerabilities in networks, servers, browsers, websites and even employees to infiltrate the supply chain.
Matan Or-El, CEO and Co-founder at Panorays:
“Other supply chain attacks include targeted attacks against those suppliers storing and processing information for an organization on its behalf. For example, an outsourcing law firm may hold a company’s sensitive and confidential information such as M&A-related documents, sales transactions and financial health statements. An attacker may decide to attack them to retrieve that information and sell it to competitors, other data seekers and even for insider trading information. In fact, just a couple of years ago, T-Mobile announced that credit and financial information of 15 million of their customers have been compromised. The breach source? Experian, a supplier of credit applications that T-Mobile was using.”
Matan offers this advice for companies before working with a supplier:
1. Prior to choosing a supplier it is important to consider their security posture. Understand what systems they are running, protocols they’re using and even the security technologies they have in place.
2. Engage with the supplier and pinpoint the issue so that they become aware of the problem, understand the issue, and know how to fix it.
3. In case you do need to work with a supplier which does not have a good security posture, we suggest taking extra steps to secure the interaction with that supplier.
This includes being more vigilant about the information being shared and how it is shared. Such measures may include for instance, the demand and enforcement of data removal after a certain period of time or limited access to various systems.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.