4 things you can do to minimize cyberattacks on supply and value chains
2021-04-08 05:15

Supply chain attacks target the weakest spot in almost every enterprise's security program: third-party access.

The SolarWinds hack was a classic supply chain attack, compromising downstream organizations in order to traverse the victim's extended enterprise of customers, suppliers, vendors and other third parties to gain unauthorized access to their on-premises and cloud systems.

Doing so establishes an inventory of all third-party entities and the systems and data they're permitted to access - a fundamental component of third-party risk management.

Access certification processes are key to an identity governance program, requiring approvers, sponsors and other certifiers to verify and attest that users have the right access and permissions.

This verification process could also lead to detecting a supply chain attack should certifiers discover incorrect access assignments.

Unless the user's accounts and access rights are known BEFORE provisioning access, you won't be able to apply the access policies appropriate for the aggregate risk presented by the user.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/kYaAcdyM8Ig/