Inscrivez-vous maintenant pour un meilleur devis personnalisé!

Nouvelles chaudes

Supply chain hacks are on the rise. But most companies aren't prepared

13 oct. 2022 Hi-network.com
Image: Getty Images

The UK's cybersecurity agency has told firms to do more to protect themselves from attacks on their supply chains. 

The National Cyber Security Center (NCSC) has released new guidance for organizations due to what it says is a recent rise in supply chain attacks. 

Privacy

  • How to delete yourself from internet search results and hide your identity online
  • The best browsers for privacy
  • Samsung's smartphone 'Repair Mode' stops technicians from viewing your photos
  • Are period tracking apps safe?

Some notable recent cases include the 2020 attack on SolarWinds' software build system, the 2021 ransomware attack on customers of software vendor Kaseya, and the 2017 NotPetya attack via a Ukraine accounting program. It was on the heel of SolarWinds that US President Joe Biden issued his executive order to strengthen the nation's cybersecurity.

Also:The scary future of the internet: How the tech of tomorrow will pose even bigger cybersecurity threats

NCSC last February published a document about "defending the pipeline" and urged organizations and developers to automate software development with continuous integration and continuous delivery (CI/CD). 

In October last year, NCSC's CEO rated ransomware as the greatest cyber threat, but warned supply chain threats would be here for years.  

NCSC says in an announcement that the new guidance is aimed at helping medium and larger organizations "assess the cyber risks of working with suppliers and gain assurance that mitigations are in place." 

"It follows a significant increase in cyberattacks resulting from vulnerabilities within supply chains in recent years, including some high-profile incidents such as the SolarWinds attack," it said.

It also wants cybersecurity professionals, risk managers and procurement specialists to implement the NCSC's 12 supply chain security principles. 

Not many UK businesses are checking supplier-related security. According to the UK government's 2022 security breaches survey, over half of businesses large and small outsource IT and cybersecurity to third parties. Yet only 13% of UK businesses assessed risks posed by immediate suppliers. These respondents said cybersecurity was not an important factor in procurement.     

"Supply chain attacks are a major cyber threat facing organisations and incidents can have a profound, long-lasting impact on businesses and customers," said Ian McCormack, NCSC deputy director for government cyber resilience. 

"With incidents on the rise, it is vital organisations work with their suppliers to identify supply chain risks and ensure appropriate security measures are in place."

The guidance is split into five stages, covering: why organizations should care about supply chain cybersecurity; identifying and protecting your 'crown jewels' in creating an approach; applying the approach to new suppliers; applying it to existing supplier contracts; and continuous improvement.

US spy agency, the NSA, last month published its software supply chain guidance, which was aimed specifically at developers. That month, the US Office of Management and Budget also issued new software procurement guidelines.  

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Tags chauds: technologie La sécurité

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.
Our company's operations and information are independent of the manufacturers' positions, nor a part of any listed trademarks company.