The recent cyberattack on IT-monitoring company SolarWinds pushed supply chain weaknesses into the spotlight by highlighting just how unprepared many organizations are when it comes to defending against supply chain attacks.
These attacks often happen because they don’t know where to start or don’t believe themselves important or high-profile enough to be targeted.
In our new report, Minimizing the Risk of Supply Chain Attacks, we clear up the confusion around these attacks. The report covers how supply chain attacks work, best practices to defend against them, and the role of technology and services in minimizing the impact of such attacks.
Five best practice guidelines to defend against supply chain attacks
To minimize the risk of supply chain attacks, we recommend that you:
Switch from a reactive to proactive approach to cybersecurity. Once an attack becomes obvious, it’s often too late. You need assume you’re always compromised and hunt for threats before they find you.
Monitor for early signs of compromise. During investigations conducted by the Sophos Managed Threat Response (MTR) team, two things stand out as early indicators of compromise: one is the use of credentials for remote access/administrative purposes during off hours; the other is the abuse of system administration tools to conduct surveillance.
Audit your supply chain. Taking some time to map out a list of all the organizations you’re connected to can be invaluable. You can then assess the type of network access they have, what information could be accessed, and then lock down such access accordingly.
Assess the security posture of your suppliers and business partners. Determine the types of certifications and audits they’re subject to. There’s no specific number of audits that guarantee security, but it’s certainly an indication that the supplier takes security seriously.
Constantly review your own IT security operations hygiene. While the posture of your suppliers is critical in safeguarding against supply chain attacks, do not neglect your own cybersecurity hygiene. Be sure to:
Enable multi-factor authentication (MFA)
Review supplier access and application privileges
Proactively monitor supplier security bulletins
Review your cybersecurity insurance policy (if you have it)
These best practices and more are covered in greater detail in our new Minimizing the Risk of Supply Chain Attacks whitepaper.
Technology and service enablers
Defending against supply chain attacks is a complex endeavor. It’s more a case of handling the risk associated with them and softening the blow than stopping the attacks altogether.
The most devastating cyberthreats, like the SolarWinds hack, generally involve human-led, hands-on hacking. Stopping skilled human adversaries requires human-led threat hunting. Fortunately, Sophos has technologies and services available that are ideally placed to support the mitigations of these risks.
Sophos Intercept X with EDR
Designed for both security analysts and IT administrators alike, Sophos Endpoint Detection and Response (EDR) enables you to identify suspicious activity, prioritize threat indicators, and quickly search for adversaries across your endpoints and servers. It’s built on our leading endpoint protection technology, ensuring you start with the strongest defenses.
Learn more about Sophos EDR
If you don’t have the time, resources, or skills to conduct your own threat hunting, Sophos Managed Threat Response (MTR) is a dedicated team of cybersecurity experts who work around the clock to proactively hunt for, validate, and can optionally remediate potential threats on your behalf.
Learn more about Sophos MTR | Learn how the Sophos MTR team uncovered a backdoor implant in a SolarWinds Orion server
A zero-trust approach is based on the principle of “trust nothing, verify everything,” and embodies the proactive mindset required to mitigate the risks of supply chain attacks.
Sophos ZTNA, our new cloud-delivered, cloud-managed network access solution, provides granular access control for any networked application hosted on your on-premises network, in the public cloud, or any other hosting site. It covers everything from RDP access to network file shares, to applications like Jira, wikis, source code repositories, support and ticketing apps, and more.
Sophos ZTNA is currently as an early access program (EAP) and will available from mid-2021.
Learn more about Sophos ZTNA and register for the EAP
DOWNLOAD: “Minimizing the Risk of Supply Chain Attacks” full report ►