Request Demo

Vendor Risk Management

Carbon Black Report Indicates Industries Most Targeted For Cyber Attack


In their third Global Incident Response Threat Report our Massachusetts neighbor, Carbon Black, illustrates not only the top industries for cyber attack but a deeply concerning new trends that faces business regardless of industry.

The Growing Concern Of “Island Hopping”

Before we get to the industries, we need to look at this new trend that is growing within enterprise cybercrime. The idea of island hopping is defined by the practice of a cybercriminal gaining access to an organization’s network and essentially following that connection down the entire supply chain.

It is in cases like this, that the immediacy of something like the DFARS mandate and NIST SP 800-171 become apparent. In multiple instances, we’ve seen growing concern about the vulnerabilities of the supply chain and how critical vendor risk management is in the face of an expanding enterprise ecosystem. It is with this context that Carbon Black’s findings on the industries most at risk for this form of attack become clear

Top Industries For Island Hoppers

Carbon Black reports that financial and healthcare take the top spots for island hopping. The change, though, is the third space - manufacturing companies are up 41% from last quarter (not last year, last quarter). These industries take the top spots with good reason - companies in these industries are becoming archipelagoes of a supply chain. While there is typically a nexus of connections, it is the peripheral members of the supply chain that can be infected. Again, the most apparent scenario being the Department of Defense supply chain and the impending updates to NIST 800-171.

The value of a manufacturer's supply chain, specifically, may not be what you think. Carbon Black cites global trade and nation-state actors as the main perpetrators seeking the intellectual property stored within these networks as a means to compete on the global stage.

Securing the bridges between islands

In this case, burning the bridge is a good thing - enterprises especially need to ensure that they are monitoring the flow of information along their supply chain. 44% of participants in Carbon Black’s study cited a lack of visibility as the primary barrier to incident response.

Visibility, in this case, requires standardization. For many organizations, assessing their supply chain is a grueling process that at best is wielding a overloaded GRC system and at worst is managing a series of spreadsheets that grows exponentially by the number of vendors and number of versions. In order to consistently assess your supply chain, you need a tool that streamlines and automates the process rather than bogging down all the parties involved. We took a look at the critical capabilities to look for when buying a vendor risk management solution - see our download and infographic here.

You may also like

What Are the Benefits of the NIST ...
on October 10, 2019

The risks that come with cybersecurity can be overwhelming to many organizations. Building out a robust cybersecurity program is often complicated and difficult to conceptualize ...

Your NIST Cybersecurity Framework ...
on October 9, 2019

The National Institute of Standards and Technology developed the Framework for Improving Critical Infrastructure Cybersecurity, later dubbed the NIST Cybersecurity Framework ...

What is the CCPA and Who Must ...
on August 30, 2019

Following the European Union's General Data Protection Regulation (GDPR), and falling in line with the privacy laws of Massachusetts, Vermont, Ohio and many others, California's ...

Alison Furneaux
CISOs in the Boardroom: ...
on September 3, 2019

This week, I had the opportunity to speak at the ISACA 2019 Governance Risk and Control Conference in Ft. Lauderdale, FL. Having spent a career as both a cybersecurity ...

George Wrenn
Why GRC Needs IRM
on August 7, 2019

Today, every organization strives to optimize the speed with which they access information. Data is being stored, processed, transmitted and utilized in almost every day-to-day ...

Alison Furneaux
SSP and POAM Guidance for DFARS ...
on August 29, 2019

Defense federal acquisition regulation supplement (DFARS) Compliance has been top of mind for Prime contractors as well as Department of Defense (DoD) suppliers since before the ...

Alison Furneaux