
        Don’t Let Supply Chain Attacks Get the Best of You

        Published January 10, 2022 • By Reciprocity • Blog

        The past two years have brought about significant disruptions to global supply chains. Recent headlines have focused on labor shortages and their impact on everything from product production to shipping delays. However, another, more significant supply chain issue should be top of mind for every organization: supply chain attacks.

        Compromising a business supply chain is a key goal for cyber attackers. This is especially true for companies that provide software or services to other organizations, as criminals can gain immediate access to thousands of targets (or more!) in a single attack.

        These types of attacks once focused purely on ransomware: attackers encrypt your data so you can’t conduct business, then hold the decryption key for ransom to extort money from you. They are now becoming more sophisticated and more aggressive.

        Criminals are increasingly using a Quadruple Extortion Scheme for supply chain attacks. This means they do more than encrypt your data and hold it for ransom. They also threaten to publicize the data breach in a way that will damage your company’s reputation, they target your customers with additional attacks, and they create cyber risks that can affect your entire supply chain.

        Because almost every company is part of a supply chain, practicing due diligence in supply chain compliance is key. Every infosec leader should be focused on mitigating the risk that one or more of their third-party vendors might pose to their organization’s security.

        To shore up your supply chain risk profile, you need to be sure that your vendors have been appropriately risk-rated and that their security policies and procedures meet your company’s requirements. Here are three things to consider when doing a risk assessment of your third-party vendors:

        1. Employees are the #1 security risk in any environment. So, it’s important to confirm that every third-party partner trains their employees in ways that you find satisfactory.
        2. Standardized controls are a must-have. This means reviewing the security stance of your supply chain partners and verifying they scrutinize their compliance controls to the same extent that you scrutinize your own.
        3. Infrastructure is important. To limit the risk that could be introduced by your vendors, you need to be sure they have a technology infrastructure that will provide business continuity if something does happen.

        Ultimately, your supply chain is an extension of your organization. It is in your best interest to have a supply chain risk management plan that considers the potential risks and vulnerabilities of every one of your third-party partners and ensures their risk appetite aligns with your own.

        To learn more about the growing number of supply chain attacks and other risks to your organizational security, watch our recent webinar: Top Cyber Risk Trends: Where to Focus Your Efforts in 2022.
