How often do you consider the impact a breach in your supply chain could have?
Many companies depend on a variety of external vendors and partners to support their business activities. These interdependent relationships form a complex third-party ecosystem called the supply chain. Due to its complexity, the supply chain is an attractive target for cybercriminals.
The Supply Chain Risk
Unfortunately, a growing number of breaches are being attributed to supplier vulnerabilities. In January 2019, Managed Health Services of Indiana announced that a phishing attack against a transportation vendor resulted in personal data for 31,000 patients being stolen. More recently, Wipro, one of the largest technology service suppliers in the world, was infiltrated in order to attack their customers. Again, the entry point was a phishing scam targeting Wipro employees, whose accounts were then weaponized against retail customers as part of a gift card fraud scheme.
While the security industry has made significant progress thwarting generalised email attack campaigns, more directed impersonation and business email compromise (BEC) attacks are harder to detect and are increasing in virulence. Given that email impersonating a trusted business partner is more likely to trick the target into taking an unauthorised action, it’s time to shine more light on the supply chain as an abuse vector.
How to Fight Back
- Securing email communication to effectively defend your company against BEC and EAC attacks—which, according to the FBI, have cost businesses $26B between June 2016 and July 2019—is a key first step to mitigating supply your chain risk
- How DMARC and dynamic imposter detection can help you start to establish trust in your communication, it will give you visibility of the security journey your own supply chain is on, allowing you to guide and advise them as appropriate
- Understand your human attack surface and quantify risk
- Gain insights into how a people centric security model will help you quantify risk, understanding who is being attacked and who is vulnerable to attack allowing you to deliver targeted education to act as your best line of defence against social attacks
Throughout this virtual boardroom, we’ll explore how to get visibility and control of your supply chain communication, the technical controls you should put in place to mitigate risk as well as highlighting how taking a people centric approach to security can be your best line of defence. This will also be an opportunity for the boardroom participants to share insights and experiences, from within their own organisations.
This virtual boardroom will also equip you with real-life case studies of how other businesses are obtaining practical approaches to supply-chain risk management, as well as the steps you could consider in order to gain visibility and control of the business risk. We will also address:
- Attain a practical approach to supply-chain risk management
- An overview of how to obtain visibility and control of business risk within your organisation
- Gain clarity on the first steps to mitigating supply chain risk
- Analysis into detecting, analysing and blocking advanced threats delivered through malicious attachments and URLs, before they reach your employees
- In-depth examination of how supply chain visibility can reduce complexity and boost efficiency
- Insights into developing and delivering targeted education to act as your best line of defence against social attacks
- Tangible tips and guidance on how to reduce risk and protect users across the whole organisation
Proofpoint is a leading cybersecurity company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, we help companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including more than half of the Fortune 1000, rely on us for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web.
“Solid event to share experiences with peers. Reconfirming & reassuring.”