Supply-chain attacks involve a malicious actor infiltrating an organization’s systems by compromising a trusted third-party software vendor or service provider.
Attackers compromise a link in the chain to reach their target, exploiting the fact that businesses often rely on many suppliers and contractors, who, in turn, use the services and products of yet more contractors and suppliers.
Types of such an attack include compromising well-known software used by the target organization, attacking corporate accounts of service providers, exploiting cloud providers’ infrastructure features, and compromising specialized devices belonging to contractors that are connected to the target network.
Supply-chain attacks offer advantages to attackers, such as being able to compromise a single popular application that provides access to dozens, hundreds or even thousands of organizations, and stealthily infiltrating organizations.
The responsibility for minimizing supply-chain attacks should be shared across organizational departments, including Information Security, IT, Procurement and Vendor Management, Legal, Risk Management, and the Board of Directors.
Organizations should evaluate their suppliers, implement contractual security requirements, adopt preventive technical measures, organize monitoring, develop an incident response plan and collaborate with suppliers on security issues to minimize the risk of supply-chain attacks.
Deep technological integration throughout the supply chain creates systemic risks that business leaders should understand.
Attacks on trusted relationships and supply chains are a growing threat, and only by implementing preventive measures across the organization can companies ensure the resilience of their business.