In many ways, 2021 was the year that global supply chains were pushed to their limits, both physically and digitally.
And while many underlying vulnerabilities were revealed, a number of important lessons were learned in the process. As we move into the new year, here is a review of challenges met and lessons learned:
The Biden Administration began the year by launching a '100-day sprint' to shore up the US power grid against cyber-attacks. This effort was part of a larger project to reinforce the country's utilities that’s projected to take years, if not decades, to complete.
The million-dollar question: How do we bootstrap our infrastructure into the 21st century without prompting a counterproductive showdown between the government and utilities operators?
As if on cue, the JBS and Colonial Pipeline attacks delivered a one-two punch aimed at two major staples. For many, this was the first time that a digital attack directly caused real-world consequences.
The fact that the damage from the JBS and Colonial attacks was concretely felt (both at the pump and the checkout counter) added a psychological element to these attacks that previous software breaches lacked.
A major contributor to supply chain attacks is that, for most organizations, the attack surface is only growing. For hackers to compromise an entire system, all they have to do is find one weak link. The more links you have, the more likely it is that one of them is weak.
The key to effective attack surface management, then, is to reduce your attack surface as much as possible, without compromising other business functions in the process. Systems like Quantum Armor can help automate and improve this process.
From NASA to the State Department, federal agencies are relying on outdated systems, ignoring mandatory security patches and failing to protect classified data.
On August 3rd, the Senate Homeland Security Committee released a bipartisan 47-page review of the federal government's cybersecurity preparedness, and the title says it all: America's Data Still At Risk. This was a follow-up to their 2019 report, America's Data At Risk, which brought national attention to the shocking gaps that persisted across all branches of the US government. Two years and countless data breaches later, not much has changed.
While the entire report is worth a read, here are some of the main concerns highlighted by the senators.
While the global supply chain has only recently fallen into crisis, the digital supply chain has been under stress for years.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.
According to a recent survey of 1,200 security leaders across a dozen industries, over 90% of organizations have suffered a security breach due to vulnerabilities in their supply chain. Pair this with the fact that the average vendor ecosystem now includes over 3,700 companies (up from 1,013 in 2020), and it's no surprise that supply chain cyberattacks have quadrupled in the last year alone.
No matter how secure your company may be, there's still a very high likelihood that you'll suffer a security breach through no fault of your own, and this trend will continue unabated until large-scale supply chain reforms are implemented.
Until then, here are three key digital supply chain risks along with proven policies to help with mitigation.