How Cybersecurity Measures Can Prevent Software Supply Chain Disasters

Given today's precarious landscape, it is vital that supply chain, logistics, and manufacturing companies implement flexible cybersecurity solutions that optimize IT performance and keep organizations safe.


With geopolitical turmoil shaking up global supply chain markets, more companies than ever are vulnerable to cyberattacks.

Supply chain cyberattacks are on the rise. In such attacks, bad actors gain access to enterprise networks by compromising third-party systems. After criminals insert malicious code into applications in the supply chain, this software becomes a Trojan Horse, in a manner of speaking.

According to Business Insider India, attacks on supply chains have been increasing by 37% every year, and roughly 40% of all manufacturing brands faced cyber outages during the pandemic. For the first time ever, in March of this year, McKinsey listed global supply chain disruptions as a serious business risk.

Impose minimum security requirements for suppliers

Given that attackers target third-party vendors without adequate cybersecurity controls in place, it is important to get as much visibility into your software supply chain as possible. Be sure to check your suppliers' security protocols and assess where the software is developed and how it's packaged. To ensure supply chain integrity, request security compliance verifications (such as ISO 27001 or CyberEssentials Plus) from all of your vendors. Regularly audit the security of the companies that provide you with software, as well as all the open-source repositories from which their developers pull.

As an important caveat, do not provide your suppliers with prescriptive security advice during audits. Without question, it is important that your suppliers are properly addressing the security of their networks; however, if you give advice about specific measures that they should take, there is a chance that you could be held liable in the event of a breach.

Employ a zero trust mindset

In addition to making sure that your third-party vendors are certified with regulatory compliance standards, be sure to employ a zero trust network architecture (ZTNA) within your enterprise. Essentially, this means that you should assume that every access request has been compromised. Until you confirm otherwise, IT personnel should always assume that there has been a breach in the network.

Supply chain attacks tend to exploit privileged access and software that uses open communication channels, so it is important to limit employees' access to data, applications, and systems across the board. Employees should only be granted access to the least amount of data necessary—for the least amount of time—that is required for them to do their jobs.

Make patching a priority and use analytics to monitor insider threats

Bad actors are constantly on the lookout for vulnerabilities within third-party systems, which makes it important to use adequate patch management tools. Good solutions will offer patch deployment for Windows, Mac, and Linux systems, as well as for hundreds of third-party applications.

User and entity behavior analytics (UEBA) tools help detect insider threats. With such tools, any anomalous activity on the network—whether innocuous or not—can be flagged, sending an automated alert to IT personnel for review.

Consider using a vendor privileged access management (VPAM) solution

If you work with many vendors, an effective VPAM tool can be a good way to maintain the integrity of your corporate network. When you utilize applications and systems from outside entities, representatives from these entities sometimes need to troubleshoot and support their products on your network, which can require privileged remote network access. 

With a VPAM solution, your IT personnel can effectively identify and authenticate the representatives from third-party vendors; then, once authenticated, access and permissions can be granted based upon the users' credentials and the task at hand. Additionally, in order to ensure compliance with security regulations, a good VPAM tool will facilitate session monitoring, recording, and auditing. 
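The VPAM controls described above (authenticate the representative, scope permissions to the task at hand, grant them for the least time, and record every decision for audit), together with the least-privilege rule from the zero trust section, as an added example in Python; it is not code from the original article or from any VPAM product, and the task catalogue, vendor user names and system names are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed catalogue: each support task maps to the least set of systems a
# vendor representative needs to complete it (least privilege, least scope).
TASK_SCOPES = {
    "patch-erp": frozenset({"erp-app-01"}),
    "debug-hmi": frozenset({"hmi-gateway", "hmi-logs"}),
}
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed clock for the demo


@dataclass
class VendorSession:
    vendor_user: str
    task: str
    expires_at: datetime
    allowed: frozenset
    audit: list = field(default_factory=list)  # one record per access decision


def open_session(vendor_user, task, authenticated, now, ttl_minutes=60):
    """Grant a session only to an authenticated representative, only for a
    known task, and only for a short window (least time)."""
    if not authenticated or task not in TASK_SCOPES:
        return None
    expiry = now + timedelta(minutes=ttl_minutes)
    return VendorSession(vendor_user, task, expiry, TASK_SCOPES[task])


def request_access(session, resource, now):
    """Zero-trust style check: every request is re-evaluated against expiry
    and task scope, and the decision is always written to the audit trail."""
    if now >= session.expires_at:
        decision = "deny:expired"
    elif resource not in session.allowed:
        decision = "deny:out-of-scope"
    else:
        decision = "allow"
    session.audit.append((now.isoformat(), session.vendor_user, resource, decision))
    return decision == "allow"


def run_demo():
    """One vendor session: in-scope, out-of-scope and expired requests; returns decisions."""
    session = open_session("acme-support-01", "patch-erp", True, T0)
    request_access(session, "erp-app-01", T0)                        # in scope
    request_access(session, "hmi-logs", T0 + timedelta(minutes=5))   # another task's system
    request_access(session, "erp-app-01", T0 + timedelta(hours=2))   # window has closed
    return [record[3] for record in session.audit]
```

The audit list kept on each session is the record that session monitoring and auditing in a VPAM tool would make available to compliance reviewers.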

Have an incident response plan in place

In the event of a successful attack, it is vital to have a strategy in place to minimize the damage to your operations and infrastructure. If there's been a data breach, be sure to notify the appropriate authorities and your customers.

An effective incident response plan helps keep your business operations running. Be sure to record all the events that led up to the attack, as audit trails will help prevent such an attack from occurring again. For more detailed guidance, the National Institute of Standards and Technology (NIST) and the SysAdmin, Audit, Network, and Security Institute (SANS) both publish industry-standard incident response frameworks.

It's important to remain vigilant

Even if your organization has never experienced a supply chain attack, it is important to be vigilant. According to Gartner, 45% of all organizations will endure an attack on their software supply chains by 2025. Moreover, such attacks are particularly nefarious because they often go undetected for long periods of time, which allows bad actors to siphon invaluable customer data. This can result in heavy fines and immense reputational damage. 

Supply chain software attacks have become so prevalent that NIST has released a cybersecurity supply chain risk management strategy (C-SCRM), and Section 4 of President Biden's Executive Order 14028 recently gave NIST marching orders to create new standards, tools, and best practices to enhance supply chain security.

It remains to be seen what this will ultimately look like; however, in the interim, you can protect your organization by mandating minimum security requirements for suppliers, employing a zero trust architecture, prioritizing patching, using analytics to monitor insider threats, and having an effective incident response plan in place.