The Cyber supply-chain ‘attack-surface’ evolves – Q1/21
Many Organisations have made great strides to protect themselves in cyberspace. As a result, threat actors have evolved and are expanding the attack-surface to focus their efforts on the interconnectivity of the supply-chain.
What is a supply-chain attack?
A supply-chain attack, also known as a third-party or value-chain attack, is a cyber attack that specifically seeks to damage or infiltrate an organisation by targeting less secure elements of third parties within the supply-chain.
For many, the first time they had ever heard of the US tech giant SolarWinds was when the recent attack, which penetrated a dizzying number of Government and private organisations, was exposed. This was a supply-chain attack of the grandest scale to date; ironically, Governments have been warning industry about this threat for the previous 5 years.
Given the scale and complexity of the problem, you may be asking yourself: how does my Organisation address this new and evolving threat?
Addressing the problem
The most common attack types are still Denial-of-Service, Man-in-the-Middle, password, phishing and spear-phishing attacks, not forgetting the vulnerabilities that are created when software is out of date or vital patches have not been implemented. It is these vulnerabilities that present the key risk within the supply-chain.
The only way of addressing supply-chain Cyber risk is to ensure that your Organisation and the affiliates in your supply-chain meet the required Cyber security standards.
Protection for UK SMEs
In the United Kingdom, the starting point for SMEs with a turnover <£20M is a Government-backed scheme called ‘Cyber Essentials’; the United States has its own NIST framework equivalent. It is not just your organisation that should meet this basic standard; the affiliates in your supply-chain should also.
Cyber Essentials starts as a self-assessment (the Matrix Risk Solutions team can support you through this process). Certification to this standard gives you protection against a wide variety of the most common cyber attacks. This is key because vulnerability to the basic attack framework can mark you out as a target for more in-depth, and unwanted, attention from cyber criminals and other threat actors.
Protection for UK Corporates & Organisations
Matrix Risk Solutions provides critical cyber security solutions with emphasis on security, strategy and assurance so that we can offer security systems that meet the bespoke needs of our larger clients.
The Matrix range of solutions covers everything from systems architecture analysis, CISO as a service, third-party risk assessment, through to Cyber Attack response.
Each tailored solution provided is based on the National Cyber Security Centre (NCSC) and National Institute of Standards and Technology (NIST) recognised frameworks, providing appropriate and actionable controls to effectively mitigate cyber security risks.
Protecting your supply-chain
To protect your supply-chain, it is important to manage this risk effectively by knowing the standard of your affiliates' defences and ensuring that they are comparable with your own. Organisations must understand the cyber risks associated with their relationships and do their utmost to mitigate those risks to the best degree possible.
About Matrix Risk Solutions
Matrix Risk Solutions was established and is staffed by former members of United Kingdom Tier-1 Special Operations, Intelligence Service Officers, Lawyers and Business Process Management professionals.
Our world-class risk and security experts are able to identify, assess and understand complex risks, scenarios and events; we then draw upon a wide range of capabilities in order to design appropriate and deliverable bespoke risk solutions for key decision makers.
“The key message is that doing nothing about your Cyber risks is no longer an option. We have seen many recent cases where a cyber attack has crippled an Organisation and affected both its reputation and bottom line. Not knowing where to start is common; Matrix are here to guide you through the process from initial systems architecture analysis through to the design & implementation of a full spectrum of cyber security services & technologies.”