Accenture cybersecurity report sees risks from hacker groups and vulnerabilities in supply chains, the cloud
01/29/2020
As cybersecurity becomes an increasingly crucial priority for businesses and individual employees, financially motivated criminal groups are increasingly targeting third-party partners and suppliers to gain access to otherwise secure systems, according to Accenture’s most recent Cyber Threatscape Report, which tracks emerging threats and trends in the cybersecurity realm.
“Cybercriminals have continued to test the resilience of organizations and governments by layering attacks, updating techniques and establishing new, intricate relationships to better disguise their identities,” the report finds. “It is no longer enough to plan for attacks or understand what to expect. To help reduce business risks, organizations need to make a security pivot of their own.”
Where threats reside
For the next several months, threats include events like elections in the U.S. and across Europe; bids by nations like Georgia, Ukraine, Sweden and Finland to join NATO; the European Union’s plans to add nations like Turkey, Montenegro and Serbia; and the 2020 Tokyo Summer Olympics.
The report targets five trends in cyberthreats:
- Compromising geopolitics: New threats emerge from disinformation and technology evolution
- Cybercriminals adapt, hustle, diversify and are looking more like states
- Hybrid motives pose new dangers in ransomware defense and response
- Improved ecosystem hygiene is pushing threats to the supply chain, turning friends into frenemies
- Life after meltdown: Vulnerabilities in cloud infrastructure demand costly solutions
Supply chain security and guarding the cloud
For the purpose of discussing procurement technology, let’s look at what the report says about supply chains and using the cloud.
Accenture analysts note that the threat from adversarial nation-states continues to grow as they build and leverage malicious resources that take advantage of vulnerabilities in complex supply chains.
Small-scale suppliers make particularly ripe targets, as they often lack robust cybersecurity defense while offering a digital connection to customers via supplier portals and trusted relationships. Mergers and acquisitions also create risks for businesses with different cybersecurity policies and considerations. Accenture offers a framework by which merging organizations can better measure and mitigate the risk of cyberthreats, particularly within cloud storage services and vendor device installations.
Exploiting vendor-supplier trust
Compromising software supply chains has been a popular attack vector over the past few years. Malicious organizations use previously obtained digital credentials to sign software updates that have been altered to contain malware used to provide deeper access and greater control over affected systems.
This style of attack is especially troublesome because it takes advantage of the trust that organizations put in third-party software suppliers and is extremely difficult to detect, with Accenture observing an average “dwell time,” or time that outside actors have access to the system, of approximately six months. During that time, additional links in the supply chain can be compromised and large amounts of highly sensitive data can be collected.
Beware of geopolitical changes in power
As supply chains become increasingly globalized, Accenture warns that businesses should also be wary of misaligned incentives as trade conflicts emerge and the balance of global power continues to shift.
New or existing suppliers, especially in tightly controlled countries like China or Vietnam, are at risk of being pressured by legal or extralegal means to abuse their supplier-customer relationships through intellectual property theft or by offering favorable terms to only politically approved partners.
In the era of state-backed cyber espionage, disparate foreign suppliers could also become unsuspecting vectors for supply chain infiltration, especially in cases where cybersecurity practices are based on national standards and not independently developed or verified.
To reduce the risk of exploits carried out via supply chains, Accenture analysts strongly recommend integrating external cyberthreat intelligence (CTI) reporting alongside internal data and standards when managing cyber-risks. Using CTI, organizations can develop a greater understanding of the landscape of threats they face, including actors who have targeted members of their supply chain in the past or which links in the supply chain are most susceptible to attacks in the future.
Businesses are also encouraged to survey their suppliers to understand their cybersecurity policies in order to develop downstream security policies in the event they cannot persuade suppliers to conform to a desired cybersecurity policy. Data gathered in these surveys can also be shared across the supply chain to help other links better understand and prepare for risks they may face.
Investigate M&A targets
Of the many challenges associated with mergers and acquisitions, the risk of inheriting cybersecurity weaknesses or previously compromised systems has become more prevalent in recent years, and cyberthreat intelligence is as important here as in supply chain considerations.
Accenture indicates that potential M&A targets, like supply chain participants, should be thoroughly vetted to understand threats or actual security breaches from the past and compared against the target profiles of known malicious actors. Inventory should also be taken of software and policies utilized by the target company to identify areas where cybersecurity will need to be reviewed to ensure it meets the standards of the acquiring organization. Once a purchase has been completed, CTI should be leveraged to help guide cybersecurity professionals to programs or areas of greatest vulnerability to be monitored while the businesses are integrated with one another.
Cloud storage security and vendor device testing
Accenture analysts put particular emphasis on cloud storage security, where the concept of “storage as a service” has caused many organizations to become complacent and leave cybersecurity of these systems to third parties.
The U.S. Department of Homeland Security suggests implementing common but vital security measures for these systems, like enabling two-factor authentication and setting up synchronized password management for network management teams.
The Accenture team also highlighted risks associated with vendor device testing, where new systems or tools are tested for integration with a client’s operating environment. While systems are often tested for vulnerabilities at initial integration, partners and service providers remain susceptible to attacks and malicious changes to their firmware or software beyond this initial stage.
Accenture recommends performing regular site acceptance tests whenever new vendor devices or tools are delivered.
Finally, wherever and whenever possible Accenture analysts recommend continuous monitoring of software and hardware, especially after updates or new installations, to detect anomalies before they can grow into compromises of broader systems.