  • As the digital world's supply chains keep growing, cyber-attacks are increasing in number and severity.
  • The zero-trust approach helps to increase the supply chain's ability to withstand such attacks.
  • By enhancing the cyber security of each company in the supply chain, this method helps to secure these growing global business networks.

Supply chain cyber-attacks are expected to quadruple in 2021 compared to last year, according to the European Cyber Security Agency (ENISA).

As these attacks have spread, they have become especially attractive to cybercriminals. An attack on the American software company Kaseya in July 2021 affected some 1,500 businesses worldwide. In Sweden alone, almost 500 supermarkets were forced to close their checkouts as a result of the attack.

This “single-target, multi-victim” situation has made supply chain attacks a windfall for hackers, especially when combined with ransomware. The hackers who claimed responsibility for the attack demanded $70 million to restore all the affected businesses' data.

This trend is particularly dangerous given the increase in digital connectivity. The security of a company does not depend solely on its own strength. A vulnerability in third-party products or systems can let cybercriminals into the entire supply chain. This means you can no longer simply believe that your provider is cyber-secure; you have to make sure. But how?

The zero-trust approach

Instead of assuming your company or product is safe, the zero-trust approach requires verification of all assets, user accounts or applications before access to your systems is confirmed. Even users inside your own technology infrastructure must be verified every time they request access to any resource inside or outside the network.

Instead of assuming your company or product is safe, the zero-trust approach requires verification of all assets, user accounts or applications.

– Dmitry Samartsev, BI.ZONE

Experts at Cyber Polygon 2021, last July's international online conference and cyber security training, discussed how to increase supply chain resilience using this zero-trust approach. The training was also aimed at preventing supply chain attacks. These expert discussions and exercises led to three key conclusions as to why it is important to use zero trust to protect supply networks.

1. What if your vendor does not pay enough attention to cyber security?

A connected provider may overlook something while building its cyber security system, or underestimate the need for secure development of products and services. This can expose your organization to data breaches if you unknowingly install vulnerable software or use an unreliable cloud service.

  • Check the provider's cyber security requirements before taking on its services or signing a software development agreement. Remember that the contract makes you liable under its security conditions.
  • Perform standard quality assurance when outsourcing software development, especially when updates are released.
  • Involve independent experts to audit software and products.
  • Introduce continuous security monitoring solutions for the applications. For a cloud service provider you will need additional controls, such as controls over sessions and login sources, as well as session audits.

The supply chain is a multi-layered structure, so your seller can work with other third parties and rely on their integrity without scrutiny.

– Dmitry Samartsev, BI.ZONE

2. What if your provider places a lot of trust in other third parties?

The supply chain is a multi-layered structure, so your seller can work with other third parties and rely on their integrity without scrutiny. Even if only one of these components has a low level of cyber security, it could become a point of entry into the whole supply chain.

The zero-trust approach helps reduce this risk:

  • Require secure, verified access to all resources. Each time a user accesses an app or cloud storage, they must be re-verified. In effect, every attempt to access the network is considered a threat until the opposite is confirmed.
  • Use the least-privilege model: each user's access to data is limited to the minimum required to perform their function. This prevents a cybercriminal from reaching large data sets through a hacked account.
  • Analyze event logs and their sources in your apps and record anything unusual in special software. This helps to identify threats in your network and to reconstruct the chain of events after an attack.
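
The three controls above combined into one per-request access decision, as an added example that is not part of the original article. The account names, resource names, the 300-second re-verification window and the policy table are all constructed assumptions.

```python
import time
from dataclasses import dataclass, field

MAX_VERIFY_AGE = 300  # seconds an identity check stays valid (assumed value)
# Constructed least-privilege policy: principal -> resource -> allowed actions.
POLICY = {
    "vendor-billing": {"invoices": {"read"}},
    "staff-alice": {"invoices": {"read", "write"}, "hr-records": {"read"}},
}

@dataclass
class Request:
    principal: str
    resource: str
    action: str
    verified_at: float  # epoch seconds of the last identity verification

@dataclass
class Gateway:
    audit_log: list = field(default_factory=list)

    def decide(self, req, now=None):
        """Deny by default; network location is never an input."""
        now = time.time() if now is None else now
        age = now - req.verified_at
        if not 0 <= age <= MAX_VERIFY_AGE:
            verdict = "deny:reverify"       # stale or future-dated verification
        elif req.action in POLICY.get(req.principal, {}).get(req.resource, set()):
            verdict = "allow"               # explicitly granted, nothing more
        else:
            verdict = "deny:not-permitted"  # outside the minimum needed
        self.audit_log.append((now, req.principal, req.resource, req.action, verdict))
        return verdict

    def anomalies(self, threshold=2):
        """Principals with at least `threshold` out-of-policy attempts logged."""
        counts = {}
        for _, principal, _, _, verdict in self.audit_log:
            if verdict == "deny:not-permitted":
                counts[principal] = counts.get(principal, 0) + 1
        return sorted(p for p, n in counts.items() if n >= threshold)

def demo():
    gw, t = Gateway(), 1_000_000.0  # constructed clock value
    reqs = [("invoices", "read", t - 10), ("invoices", "read", t - 900),
            ("hr-records", "read", t - 10), ("invoices", "write", t - 10)]
    results = [gw.decide(Request("vendor-billing", r, a, v), now=t) for r, a, v in reqs]
    return results, gw.anomalies()
```

Every decision, including each allow, is written to the audit log, so the same records support both anomaly flagging and reconstructing the chain of events afterwards.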

3. What if a criminal pretends to be your seller?

One of your employees may receive an email that appears to be from your provider but is actually a phishing email. Corporate accounts continue to be among the top targets for cybercriminals, and phishing has become the main way of delivering ransomware to companies.

The blue bar chart shows the causes of ransomware infections by percentage.

According to a 2020 statistical study, phishing has become a major means of delivering ransomware to companies.

Imaging Statistics, 2021

We found that 7 out of 10 sales representatives fall for cybercriminal tactics when we simulate phishing attacks on our clients for training purposes. Therefore, if employees open the door to hackers, even advanced software solutions may not be enough to protect the company. Asking employees to verify all incoming messages will greatly reduce this risk. Our research shows that after two years of phishing exercises, companies have seen a 9-fold reduction in the number of employees who fall for phishing.

The payoff from supply chain attacks may be a major incentive for cybercriminals today. As a result, supply chain security is an important issue for the digital community.

The zero-trust approach can significantly increase the resilience of each company in the supply chain, leading to greater stability for these growing networks. This challenge can be met by screening vendors and other entities inside and outside the system and by providing regular training to staff.