Software supply chain attacks endeavor to access sensitive data for financial gain or to tarnish reputations. In this article appearing in RMMagazine.com, Danika Blessman explains this type of attack further, and lists steps we can take to protect ourselves against attacks of this nature.
What is a Software Supply Chain Attack?
An attack of this kind occurs when malicious code is inserted into legitimate software, usually a trusted application. The compromised application is then distributed through an initial installation or through regular updates to the trusted application. The aim is to infect the trusted source and gain access to certain networks. Examples include Kingslayer and “NotPetya.”
Impact On Business
Most significantly, these attacks provide remote access to an organization’s network, letting attackers steal, delete and modify sensitive data. This in turn can negatively impact a company’s reputation.
Protecting Against Software Supply Chain Attacks
- Strategy: Ensure that the organization has a comprehensive, documented security defense strategy in place. There is also merit in implementing overlapping and complementary security controls.
- Comprehensive Control: It’s crucial to hold vendors to the same security standards as you do the rest of the organization.
- Include Cybersecurity Intelligence and Awareness: Well-applied threat intelligence can spread awareness of threats and must be incorporated into operations to help the organization be better prepared.
- Assess Risks: Mitigate vulnerabilities in applications (possibly manufactured or shipped from overseas) by applying updates and patches to software already in use, or by avoiding the use of the software.
- Cut Out the Bad: The US government has banned the installation or use on networks of software from vendors with affiliations to Russia, Iran, and China, and organizations will do well to follow its lead.
- Blockchain: The implementation of blockchain technology is being considered to enable better assessments of risk and enhanced trust in information across the supply chain.
Click on the following link to view the original article in full: http://www.rmmagazine.com/2019/02/01/protecting-your-software-supply-chain/