What is Supply Chain Intelligence?
Supply Chain Intelligence is an improved method for continuously discovering, monitoring, assessing and mitigating risk introduced to your organization through 3rd party technologies, vendors, and suppliers.
Supply Chain Attacks: A Growing Problem
Supply chain attacks are on the rise. In 2022 19% of breaches were supply chain attacks, causing a whopping $4.46 M of damage per incident, on average. 62% of system intrusion events occurred through the supply chain.
Why are supply chain attacks becoming so common and costly? There are a few reasons:
- The vendor explosion: The number of providers, digital suppliers and 3rd party technologies has gone through the roof. In fact, in 2021 organizations were using on average 110 SaaS apps – and that doesn’t take other types of vendors and digital suppliers into consideration. This makes it extremely hard to keep a complete and up-to-date inventory of all vendors and suppliers.
- Shadow Vendors: Today, employees can independently onboard new SaaS apps, purchase software from various vendors, or work with a new partner or technology. Security leaders don’t always get to approve these decisions, but they are responsible for the cyber risks that these third-party relationships introduce. Vendor numbers are growing and the control over vendor risk is starting to slip away.
- Attackers are giving preference to supply chain attacks; they see it as a small effort for a bigger payday. Why? Because it allows them to target many victims, while only needing to put in the time and effort to breach a single organization.
The Challenges of Traditional Supply Chain Intelligence
The traditional approach of managing supply chain cybersecurity risk is far from complete. The following limitations are putting companies at risk of major breaches:
- Supply chain Inventory management: Instead of discovering unknown vendors and suppliers, many traditional supply chain intelligence solutions require security teams to upload their list of suppliers, and as mentioned previously, this often only offers partial coverage. As employees are constantly adding new vendors, these lists are often outdated by the time the security team hits “upload”. Exposure can happen without security teams even knowing.
- The static nature of traditional assessments: Assessing vendor and third-party technology risk has traditionally been a static process, with periodic evaluations resulting in a static risk score. However, this approach can leave organizations vulnerable to security status changes, potentially resulting in breaches. To avoid such risks, a dynamic approach is required that offers a deeper understanding of vendor risk.
- Traditional assessment limitations: Traditional assessments typically only consider the supplier’s external attack surface, providing little visibility into deep and dark web activity. As a result, traditional solutions often lack insight into leaked data or exposed credentials. A more comprehensive approach is necessary to gain a more complete understanding of vendor risk.
- Business risk: Many traditional solutions fail to differentiate between the risk posed by a supplier with limited access to the organization and one that has the potential to significantly impact it. Security teams must have a precise understanding of risk so that it can be appropriately addressed and reported to stakeholders.
- Breach awareness: Despite a vendor having an excellent risk score, strong cyber hygiene, and a proactive approach to managing risk, they may still fall victim to a breach. It is crucial to remain vigilant, as even the best prepared companies are at risk. A static risk score can provide a false sense of security, leading to complacency. Instead, organizations must be informed immediately of any breaches, and a static risk score is inadequate to provide this level of protection.
While static risk scans may offer a “snapshot” score to assess a company’s security posture, such an approach can lead to a false sense of security and a failure to fully mitigate risk. Even companies with top security scores can fall victim to breaches, regardless of how recently their score was assessed. In today’s rapidly evolving threat landscape, relying on a static risk score is inadequate and puts organizations at risk. As a result, a more proactive and dynamic approach is needed to provide real-time risk assessments and threat intelligence, enabling companies to better protect their assets and mitigate risk.
The Solution? Continuous Monitoring of 3rd Party Risk
To effectively manage supply chain risk, continuous discovery and monitoring of vendors and third-party technologies is critical. This involves real-time assessment of vendor risks and the assignment of scores that are continuously updated to reflect changes in the vendor’s security posture. Any indications of targeted attacks or evidence of a breach should also be factored into the risk score.
In addition to scoring vendors based on their exposure and cyber hygiene, it is essential to identify and monitor shadow vendors that may have been overlooked. All vendors must be discovered, not just those that have been logged or reported by employees.
So, how can organizations achieve this level of supply chain intelligence?
1) Supply Chain Blind Spot Discovery
It is crucial to maintain a complete and up-to-date inventory of your supply chain, including shadow vendors and technologies that may have been added without the knowledge of your security team. To achieve this, attack surface monitoring can be employed to discover new vendors, and manual vendor addition should be an option when onboarding new vendors.
The risk score mentioned earlier must be continuously utilized against each vendor in your inventory to assess potential risk and prevent the implications of a major supply chain attack. By maintaining an up-to-date inventory that includes risk scores, organizations can make informed risk management decisions while accurately reporting to stakeholders.
2) Continuously Updated Risk Scores
A risk score needs to be correlated between 3 components that update in real time, so that attacks and risks are not missed. The components are:
- Security exposure and hygiene: Evaluating the level of exposure of the vendor and their ability to protect themselves. The risk score should consider factors such as the use of updated or outdated technology, patching practices, mail server blocking, and high severity open ports and web interfaces.
- Targeting levels: Threat intelligence should be utilized to determine if a vendor is being targeted for an attack. Monitoring deep and dark web chatter can help identify if the vendor’s name, domain, logos, and digital assets are being discussed in relation to potential attacks.
- Breach history: Organizations should have real-time access to information on whether a trusted supplier has experienced a security incident. The risk score should be immediately updated to alert stakeholders to the risks they are exposed to.
3) Real-time alerting when the risk score rises.
As the risk score of vendors and third-party technologies continuously updates, organizations must ensure that they are promptly alerted to any significant security events related to them. Accurate and real-time alerts play a critical role in this process, enabling security teams to proactively respond to potential threats and prevent them from causing any major disruptions.
alerts must seamlessly integrate with existing workflows via integrations with SIEM, XDR, and SOAR platforms.
4) Urgency to tackle must be evident.
A reliable supply chain intelligence solution should provide detailed information on each vendor’s level of organizational access, alongside their risk score. This contextual information can help security teams determine how urgently they need to deal with a high-risk vendor and take appropriate actions.
Cyberint’s Supply Chain Intelligence Solution
Traditional approaches that rely solely on Attack Surface Monitoring are not enough for addressing supply chain risks. A supply chain intelligence solution that integrates Attack Surface Monitoring with threat intelligence can offer a significant advantage.
At Cyberint, we have developed a cutting-edge module that directly addresses this challenge. Our Supply Chain Intelligence module enables automated discovery of third-party technologies and vendors and provides continuous monitoring for breaches and other relevant risks. As soon as a risk is identified, our module sends targeted alerts that enable a proactive response and mitigation.
Learn more about our supply chain intelligence solution here.