
        Don’t Let Supply Chain Attacks Get the Best of You

        Published January 10, 2022 • By Reciprocity • Blog

        The past two years have brought about significant disruptions to global supply chains. Recent headlines have focused on labor shortages and their impact on everything from product production to shipping delays. However, another, more significant supply chain issue should be top of mind for every organization: supply chain attacks.

        Compromising a business supply chain is a key goal for cyber attackers. This is especially true for companies that provide software or services to other organizations, as criminals can gain immediate access to thousands of targets (or more!) in a single attack.

        While these types of attacks once focused purely on ransomware – i.e., attackers encrypting your data so you can’t conduct business and holding the decryption key for ransom to extort money from you – they’re becoming more sophisticated and more aggressive.

        Criminals are increasingly utilizing a Quadruple Extortion Scheme for supply chain attacks. This means they do more than encrypt your data and hold it for ransom. They also threaten to publicize the data breach in a way that will damage your company’s reputation, they target your customers with additional attacks, and they create cyber risks that can have an effect on your entire supply chain.

        As almost every company is part of a supply chain, practicing due diligence in supply chain compliance is key. This means that every infosec leader should be focused on mitigating the risk that one or more of their third-party vendors might pose to their organization’s security.

        To shore up your supply chain risk profile, you need to be sure that your vendors have been appropriately risk rated and that their security policies and procedures meet your company’s requirements. Here are three things to consider when doing a risk assessment of your third-party vendors:

        1. Employees are the #1 security risk in any environment. So, it’s important to confirm that every third-party partner trains their employees in ways that you find satisfactory.
        2. Standardized controls are a must-have. This means reviewing the security stance of your supply chain partners and verifying they scrutinize their compliance controls to the same extent that you scrutinize your own.
        3. Infrastructure is important. To limit the risk that could be introduced by your vendors, you need to be sure they have a technology infrastructure that will provide business continuity if something does happen.

        Ultimately, your supply chain is an extension of your organization, so it is in your best interest to have a supply chain risk management plan that considers the potential risks and vulnerabilities of every one of your third-party partners to ensure their risk appetite aligns with your own.

        To learn more about the growing number of supply chain attacks and other risks to your organizational security, watch our recent webinar: Top Cyber Risk Trends: Where to Focus Your Efforts in 2022.
