<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

Vendor Risk Management

Carbon Black Report Indicates Industries Most Targeted For Cyber Attack

down-arrow

In their third Global Incident Response Threat Report our Massachusetts neighbor, Carbon Black, illustrates not only the top industries for cyber attack but a deeply concerning new trends that faces business regardless of industry.

The Growing Concern Of “Island Hopping”

Before we get to the industries, we need to look at this new trend that is growing within enterprise cybercrime. The idea of island hopping is defined by the practice of a cybercriminal gaining access to an organization’s network and essentially following that connection down the entire supply chain.

It is in cases like this, that the immediacy of something like the DFARS mandate and NIST SP 800-171 become apparent. In multiple instances, we’ve seen growing concern about the vulnerabilities of the supply chain and how critical vendor risk management is in the face of an expanding enterprise ecosystem. It is with this context that Carbon Black’s findings on the industries most at risk for this form of attack become clear

Top Industries For Island Hoppers

Carbon Black reports that financial and healthcare take the top spots for island hopping. The change, though, is the third space - manufacturing companies are up 41% from last quarter (not last year, last quarter). These industries take the top spots with good reason - companies in these industries are becoming archipelagoes of a supply chain. While there is typically a nexus of connections, it is the peripheral members of the supply chain that can be infected. Again, the most apparent scenario being the Department of Defense supply chain and the impending updates to NIST 800-171.

The value of a manufacturer's supply chain, specifically, may not be what you think. Carbon Black cites global trade and nation-state actors as the main perpetrators seeking the intellectual property stored within these networks as a means to compete on the global stage.

Securing the bridges between islands

In this case, burning the bridge is a good thing - enterprises especially need to ensure that they are monitoring the flow of information along their supply chain. 44% of participants in Carbon Black’s study cited a lack of visibility as the primary barrier to incident response.

Visibility, in this case, requires standardization. For many organizations, assessing their supply chain is a grueling process that at best is wielding a overloaded GRC system and at worst is managing a series of spreadsheets that grows exponentially by the number of vendors and number of versions. In order to consistently assess your supply chain, you need a tool that streamlines and automates the process rather than bogging down all the parties involved. We took a look at the critical capabilities to look for when buying a vendor risk management solution - see our download and infographic here.

You may also like

Informing Cyber Risk Management ...
on May 18, 2023

Cybersecurity is no longer just an IT issue but a business risk that can impact an organization's reputation, financial health, and legal compliance. Cybersecurity risks are ...

Is Your Organization Prepared for ...
on May 3, 2023

Data storage, as well as maintenance tools and applications, have undergone many iterations in the past decade, with the introduction of cloud computing and Security Information ...

Strategies for Automating a Cyber ...
on May 8, 2023

Cybersecurity leaders and teams are overburdened by several growing trends and issues. And when your cybersecurity team is overworked and unequipped to manage cyber risk ...

Selecting the Right Cyber Risk ...
on April 13, 2023

Cyber risk quantification is the process of determining the likelihood and potential impact of a cyber attack or security breach. The probability and impact will vary based on ...

Leveraging Cyber Security ...
on May 26, 2023

A common misunderstanding with cyber risk management is that only the CISO and security practitioners should be concerned about cyber and information security. Instead, the state ...

Tips and Tricks to Transform Your ...
on April 12, 2023

Simply being “cyber aware” is an unviable option for board members as the impact of cybersecurity expands beyond IT systems. An unnoticed security gap or dated risk assessment are ...