In today’s extended digital landscape, the concept of a truly secure perimeter is a myth. With so many endpoints, network assets, and endless digital supply chains, it’s almost impossible to ensure that your network perimeter is impenetrable. However, most organisations are still relying on an inside-out approach to cybersecurity – looking out for incoming threats and trying to arrange their defences accordingly.
As organisations’ supply chains grow and become more digital, threat actors are increasingly targeting third parties to gain access to the enterprise network. Organisations can spend a significant amount of resources in building their internal defences and security strategies, but how will they guarantee that a vulnerability won’t occur from a third party?
In the past year, nearly 60% of all data breaches were initiated via third-party vendors. These attacks are sometimes undetectable by the usual outwards-facing approach to security until they have already breached the perimeter.
So, it’s high time businesses rethink their security strategy, and apply a more proactive ‘outside-in’ approach to complement the traditional inside-out approach.
The critical threat of supply chain attacks
Supply chain attacks target one of the most critical foundations of most business operations –
Why you must enhance visibility and control of your expanding supply chain
The 2020 SolarWinds attack targeting US government organisations is perhaps the most notorious example, with a highly skilled threat group exploiting a trusted software vendor to push out malware-laden code that bypassed normal security precautions. While such attacks were once largely the work of high-level threat actors, rapid digitalisation has made supply chain tactics more accessible. Many businesses today have comprehensive digital supply chains, so even low-level criminal organisations have a greater attack surface and more connections at their disposal.
It is possible for an attacker to gain access to an organisation’s data or systems via a third party. If an outside supplier or contractor is breached, attackers may use its credentials to gain access to your network. Data analysis and accounting are only two examples of services that may store copies of private information on servers the organisation does not manage. The security state of these third-party systems is unlikely to be visible to SOC teams or other conventional security monitoring methods.
Therefore, even the most meticulously planned outward-looking security procedures may be undone by a third-party partner with less mature security practices. Every supplier has its own set of contacts, which just adds to the complexity of the situation. Each company today operates inside a complex supply web, rather than a linear supply chain, and security breaches at any point may have far-reaching effects.
Establishing visibility using an ‘outside-in’ approach
An outside-in strategy to data monitoring entails implementing external attack surface management solutions in addition to conventional internal vulnerability assessments and threat monitoring. This requires continuously scanning the internet for any company-related assets that might be exposed.
This strategy will aid in uncovering “unknowns” that the firm was previously unaware of. A sales partner, for instance, may have a client database as part of its service, but may mistakenly expose it by keeping it in an unprotected, publicly available AWS bucket. External attack surface management solutions will identify such susceptible assets, independent of their location or creation method.
Crucially, this view extends to “Nth-party” connections – the suppliers-of-suppliers that extend outwards through the entire supply web. The average network of connections is now so complex that it is impossible to accurately trace back all the possible routes of risk exposure. An outside-in approach bypasses this complexity to find the vulnerabilities directly.
When a breach or leak does occur, external monitoring can quickly identify any company-related data by monitoring the open and dark web. This might give the data owner the opportunity to shut down or minimise the breach before it escalates. In the best-case situation, the data can be removed, or at the absolute least, the organisation can get an accurate understanding of the scope of the breach. This allows the company to provide a precise and measured reaction, as opposed to a generic public announcement of a breach.
The optimal method for continuous external monitoring is a combination of AI and human-led analysis. This combines the speed and accuracy of AI with the context and expertise of human analysts to provide actionable insights.
An automated, AI-assisted approach has fast become the only way to untangle the complexity of dense supply webs. As firms continue to invest in digitalisation, extended supply chains will only become more convoluted, and present an even greater attack surface for threat actors. Firms must have the ability to monitor and mitigate these risks before they fall victim to the latest supply chain attack.