In their third Global Incident Response Threat Report, our Massachusetts neighbor, Carbon Black, illustrates not only the top industries for cyber attack but also a deeply concerning new trend that faces businesses regardless of industry.
The Growing Concern Of “Island Hopping”
Before we get to the industries, we need to look at this new trend that is growing within enterprise cybercrime. Island hopping is the practice of a cybercriminal gaining access to an organization’s network and essentially following that connection down the entire supply chain.
It is in cases like this that the immediacy of something like the DFARS mandate and NIST SP 800-171 becomes apparent. In multiple instances, we’ve seen growing concern about the vulnerabilities of the supply chain and how critical vendor risk management is in the face of an expanding enterprise ecosystem. It is with this context that Carbon Black’s findings on the industries most at risk for this form of attack become clear.
Top Industries For Island Hoppers
Carbon Black reports that financial and healthcare take the top spots for island hopping. The change, though, is the third spot - manufacturing companies are up 41% from last quarter (not last year, last quarter). These industries take the top spots with good reason - companies in these industries are becoming archipelagoes of a supply chain. While there is typically a nexus of connections, it is the peripheral members of the supply chain that can be infected. Again, the most apparent scenario is the Department of Defense supply chain and the impending updates to NIST 800-171.
The value of a manufacturer's supply chain, specifically, may not be what you think. Carbon Black cites global trade and nation-state actors as the main perpetrators seeking the intellectual property stored within these networks as a means to compete on the global stage.
Securing the bridges between islands
In this case, burning the bridge is a good thing - enterprises especially need to ensure that they are monitoring the flow of information along their supply chain. 44% of participants in Carbon Black’s study cited a lack of visibility as the primary barrier to incident response.
Visibility, in this case, requires standardization. For many organizations, assessing their supply chain is a grueling process that at best means wielding an overloaded GRC system and at worst means managing a series of spreadsheets that grows exponentially with the number of vendors and number of versions. In order to consistently assess your supply chain, you need a tool that streamlines and automates the process rather than bogging down all the parties involved. We took a look at the critical capabilities to look for when buying a vendor risk management solution - see our download and infographic here.