This article was provided by CNA.
The last two years in cybersecurity have been unprecedented. In 2020, there was the en masse transition to remote work as physical offices closed, and dining room tables and spare bedrooms became offices and classrooms. IT professionals were tasked with ensuring operations continued with minimal disruption. In 2021, little relief was found: ransomware incidents continued to make daily headlines, increasing in both frequency and severity, and critical vulnerabilities were discovered in widely used software and operating systems. On the heels of ransomware is the cyber supply chain attack. As organizations invest in protecting their networks, bad actors are gaining access to an organization’s network through a trusted partner.
A cyber supply chain is an organization’s digital ecosystem — essentially, all of the interconnected pieces of software and technology an organization uses internally and externally that drive its operations and produce its products. Each of these interconnected pieces has the potential to be a gateway for malware. What makes cyber supply chain attacks different from other malware attacks is that they gain access through trusted access points, so their activity appears normal. Recent examples of supply chain attacks are SolarWinds, Kaseya and the ongoing Log4Shell.
Digital supply chain attacks are difficult to prevent entirely. However, as underwriters, we consider how organizations invest in the following cybersecurity areas:
What is the maximum timeframe from when a software patch is released to when it is applied to the organization’s system? Patching would apply to all software and not just the Windows Patch Tuesday cycle.
Who is connected to your organization’s network? What data and level of access does each vendor have? Why do they have the connection, and is it still necessary? How does their security posture compare to the applicant?
Does the organization use multi-factor authentication, and to what extent? Multi-factor authentication provides another layer of protection should a bad actor gain access to credentials.
Segmentation is all about reducing the attack surface as much as possible. Start by operating on a principle of least privilege. An organization that allows administrative access as a default poses a higher risk than one that grants access only so far as the role or project requires.
Because supply chain attacks are challenging to prevent, it’s important to focus on enabling quick detection and response.
There are no signs of cyber supply chain attacks slowing down. Along with ransomware, supply chain attacks are expected to increase fourfold. Exercising discipline and focusing on the above cybersecurity areas can help organizations manage risk within their cyber supply chain. The ownership of securing digital ecosystems to reduce the risk of potential events belongs to each individual and layer within the organization.
A blog created for Canada. Reference: Eric Edwards
In Canada, products and/or services described are provided by Continental Casualty Company, a CNA property/casualty insurance company. The information is intended to present a general overview for illustrative purposes only. Read CNA’s general disclaimer.