Many high-profile breaches have happened due to weak links in an organisation's supply chain.
ITWeb Security Summit 2018
Book your seat today to attend the ITWeb Security Summit 2018 in Johannesburg and Cape Town.
Experts from around the world will be presenting, including Mikko Hypponen, who has been instrumental in uncovering and bringing down several infamous threats, and has assisted law enforcement agencies across the globe.
Get involved in #SS18HACK, choose from three half-day workshops or a full-day bootcamp, plus five training courses, and much more.
To find out more, go to: http://v2.itweb.co.za/event/itweb/security-summit-2018/?page=agendaday1
In an era when businesses are sharing growing volumes of digital information with suppliers and providing them access to their networks, this shouldn't come as a surprise.
So says Stewart Bertram, director, threat intelligence and professional services at Digital Shadows.
Bertram who will be facilitating a workshop on 'Threat Led Penetration Testing' at the ITWeb Security Summit 2018, to be held from 21 to 25 May at Vodacom World in Midrand.
He says sophisticated adversaries are finding vulnerabilities wherever they can, and often that means looking to an organisation's partners for weaknesses in defences. "Using the partner as a 'stepping stone,' they gain access to their ultimate target."
Digital shadow
Traditional defences that focus on protecting the perimeter are no longer sufficient, he adds.
"Attackers are identifying new vulnerabilities by actively surveying your organisation's digital shadow - a subset of your digital footprint that consists of exposed personal, technical or organisational information that is often highly confidential, sensitive or proprietary. And as your supply chain gets longer so does your digital shadow, affording cyber criminals more opportunities to steal valuable data and launch devastating cyber attacks."
Businesses need a proactive approach to defend against targeted attacks by engaging in supply chain security and through greater cyber situational awareness.
According to Bertram, digital risk management complements these efforts by providing an organisation with an attacker's eye view into information about themselves that is available online. It then alerts the business to potential threats, instances of sensitive data loss, or compromised brand integrity. Using that information organisations can prevent, detect and contain cyber-related incidents.
Points of compromise
Bertram says information is gathered by examining millions of social sites, cloud-based file sharing sites and other points of compromise across a multi-lingual, global environment spanning the visible, dark and deep Web.
"Digital risk management provides relevant and contextual insight based on data that is company-specific and pertains to the industry, company size and geography. Specific to supply chain security, this may even include information about key partners that bad actors could use to infiltrate an organisation's network."
Awareness of digital risk and digital footprint can be used strategically to strengthen supply chain security and make the right investments for more effective defences as their digital shadows get longer, Bertram concludes.
Share
