Supply chains are the connective tissues that facilitate global trade and prosperity. These networks of overlapping and related companies are becoming increasingly complex.

In particular, SMEs may not be proactive in managing security in their supply chains or may not have sufficient resources in this regard.

Blind trust in the cybersecurity of a company’s partners and suppliers is not sustainable under current conditions.

So how can you reduce cybersecurity risks lurking in supply chains?


What is supply chain risk?

Supply chain cyber risks can come in many forms, from ransomware and data theft to denial of service (DDoS) and fraud. They can affect traditional suppliers such as professional services firms (for example, lawyers and accountants) or software companies.

Attackers can also go after managed service providers (MSPs) because by compromising a single company in this way, they can potentially gain access to multiple downstream customer businesses. A study last year found that 90 percent of MSPs had experienced a cyber attack in the previous 18 months.


Major types of supply chain cyberattacks

Compromised proprietary software: Cybercriminals are getting bolder. In some cases, they can find a way to compromise software developers and insert malware into code that is then delivered to downstream customers.

Attacks on open source supply chains: Many developers use open source components to speed up time to market for software projects. But threat actors know this and are adding malware to components and making them available in popular repositories. Threat actors are also quick to exploit vulnerabilities in open source code that some users may be slow to patch.

Impersonating suppliers for fraud: Sophisticated attacks, known as business email compromise (BEC), are sometimes carried out by fraudsters impersonating suppliers to trick a customer into sending money. The attacker typically hijacks an email account belonging to one party or another, monitoring email flows until it’s time to step in and send a fake invoice with the bank information changed.

Credential theft: Attackers steal suppliers’ login credentials in order to attack the supplier or its customers (where they can access their networks).

Data theft: Many vendors, especially companies with proprietary corporate secrets such as law firms, store sensitive data about their customers. These companies present a tempting target for threat actors looking for information they can use to extort money or make money through other means.


Regardless of the type of supply chain risk, the outcome can be the same: financial and reputational damage and litigation, operational disruptions, lost sales, and angry customers. It is possible to manage these risks by following best practices.

  • Conduct due diligence on new suppliers. This means checking that their security programs meet your expectations and that they have basic measures for threat protection, detection and response. For software vendors, this should also extend to whether they have a vulnerability management program and what their reputation is for the quality of their products.
  • Manage open source risks. This may mean using software composition analysis (SCA) tools to gain visibility into software components, continuous scanning for vulnerabilities and malware, and prompt patching of bugs. It also means ensuring that developer teams understand the importance of security by design when developing products.
  • Conduct a risk review for all suppliers. It starts with understanding who your suppliers are and then checking if they have basic security measures in place. This should also include their own supply chains. Conduct frequent audits and check accreditation with industry standards and regulations where appropriate.
  • Keep a list of all your approved suppliers. Update the list regularly based on your audit results. Regularly auditing and updating the supplier list will allow organizations to conduct comprehensive risk assessments, identify potential vulnerabilities and ensure suppliers comply with cybersecurity standards.
  • Create a formal policy for suppliers. This should outline your requirements for mitigating supplier risk, including SLAs that need to be met. It serves as a foundational document that sets out the expectations, standards, and procedures that suppliers must adhere to in order to ensure the security of the overall supply chain.
  • Manage supplier access risks. Enforce the principle of least privilege between vendors if they need access to the corporate network. This can be implemented as part of a “Zero Trust” approach where all users and devices are untrusted until authenticated, with continuous authentication and network monitoring adding an extra layer of risk mitigation.
  • Develop an incident response plan. In a worst-case scenario, make sure you have a well-rehearsed plan to contain the threat before it has a chance to impact the organization. This plan will also include how to contact the teams working for your suppliers.
  • Consider implementing industry standards. ISO 27001 and ISO 28000 have many useful ways to perform some of the steps listed above to minimize supplier risk.

Life

Beware of romance scammers

Scammers asking for money or photos are a thing of the past. Romance scam methods have evolved.


The number of people using messaging applications exceeded 3.3 billion in 2023. WhatsApp, Facebook Messenger and WeChat are among the most used applications.

Scammers look to these platforms for the love of money or data. Messaging apps are becoming a platform for both phishing and online romance scams, among other threats.

From 2019 to 2022, the amount of losses attributed to romance scams reported to the U.S. Federal Trade Commission increased from $493 million to $1.3 billion. Social networks and messaging apps were the first communication platform for 59 percent of those who said they lost money to a romance scam in 2022.


Fraud methods are changing

As general digital security awareness increases, fraudsters’ tactics are also changing.

They send a risky phrase to their contacts: “Let’s go chat somewhere else.” Often the victim is redirected to a new and unknown app offered on third-party app stores or websites.

This can lead the user to download spy tools that can read private data on the smartphone. In such cases, the most powerful weapon is a reliable cyber security solution that can detect suspicious activity by an application running in the background.

How do romance scams work?

Scammers assume false identities on dating sites. By befriending lonely people, they establish a close relationship with them and may even propose marriage.

However, they may soon ask you for money or to open a new bank account that they can use. They use these accounts to further their scams, turning the victim of a romantic relationship into a money mule.


Red flags of romance scams

Making excuses to avoid meeting: The scammer will avoid meeting face to face despite repeatedly stating that he or she is willing to do so.

Things are moving very quickly: Your new “partner” will express deep interest/affection and perhaps a desire for intimacy, even though you have only been chatting for a few days.

Asking for money: Romance scammers often come up with a heartbreaking story about why they need money ASAP. They can also pose as wealthy people who can pay off their debts with interest but “cannot currently access their funds.”

Leaving secure communication: The scammer may ask to leave a dating service or social media site to communicate directly. When you only use reliable app stores with strict app review policies, your chances of getting scammed will decrease rapidly.


Security

Trend Micro Launches Cyber Security Education Program for Children

Within the scope of the Cyber Security training program, many trainings ranging from internet security to copyright, from security settings to privacy are offered free of charge.


Today, children are growing up in an age where online activities are a natural part of their daily routine. While children may seem adept at navigating the digital world, they remain vulnerable to a range of online risks, from viruses and ransomware to fake news and cyberbullying on social media and online.

Since 2008, Trend Micro’s “Internet Safety for Kids and Families” (ISKF) initiative has helped children, parents, teachers and young people around the world prevent and address online risks.

The Cyber Security training program is offered completely free of charge

Within the scope of the ISKF initiative, Trend Micro has prepared a completely free special training program to raise cyber awareness among children, parents and teachers around the world and make children more resistant to cyber threats.

The Internet Security Series program for children aged 7-10, prepared within the scope of Trend Micro Cyber Academy, includes 11 trainings in total, including Cyber Security, Healthy Habits, Camera Security, Time Spent Online, Courtesy, Security Settings, Misinformation and Copyright. Trend Micro Cyber Academy, which provides training in a total of 19 languages, including Turkish, can be reached at https://www.trendmicro.com/internet-safety/tr/cyber-academy.

ISKF initiative is actively carried out in 19 countries

ISKF, which was launched in 2008, has grown rapidly and spread to 19 countries. Operating in a wide range from face-to-face events to online training, ISKF stands out as an important resource in the field of cyber security for children, parents and teachers. Cyber Academy, created within the scope of ISKF, teaches young digital citizens how to stay safe in the digital world with interactive videos and narratives. Within the scope of the program, it is planned to reach approximately 10 thousand children and their families by the end of 2024.

Figures about ISKF

  • 444 students were reached
  • 356,010 families were reached
  • There were 4,470 participants from 13 countries in the “What’s Your Story?” video and poster competition
  • Hosted 312 events
  • 367 Trend Micro employees volunteered

Security

EXPOSED TO RANSOMWARE ATTACKS

According to a recent study, 60% of healthcare organizations will be subject to ransomware attacks by 2023. For this reason, it is important for healthcare organizations to prioritize cyber security measures to detect potential threats and ensure patient safety.


Technology, widely used in every sector, has also risen to an important position in the health and pharmaceutical industries. Advances in medical systems through technology have significantly improved patient care, reducing costs and increasing efficiency.

However, considering the abundance of data in the sector, healthcare institutions need to strengthen their cyber security measures, as they are vulnerable to external threats. A recent study shows that 60% of healthcare organizations will be subject to ransomware attacks by 2023. For this reason, it is important for the healthcare sector to adopt a comprehensive security approach, especially when it comes to ransomware.


3 advantages of cyber security against ransomware threat to healthcare organizations

  1. Ensures compliance with legislation: Firewalls are critical for compliance with regulations such as HIPAA (Health Insurance Portability and Accountability Act). But to be truly effective, they need to be configured correctly. This requires specific rules that allow only necessary data traffic from authorized network addresses. Blanket “permit” rules should be avoided because they may allow unauthorized access to PHI data.
  2. Protects medical devices: Due to the rise of Internet of Medical Things (IoMT) devices, a multitude of medical devices are now connected to each other, facilitating real-time monitoring and seamless data sharing. The most important disadvantage of this situation is that it poses critical security risks. These risks can be reduced with a firewall that divides the network into segments, creates independent subnets and controls the traffic between them, so that a threat is less likely to spread because it will not affect the entire network. Well-executed access control policies combined with active traffic monitoring increase security by providing greater control over the network.
  3. Improves network performance: In addition to improving security, firewalls also optimize network performance. By managing traffic flow, they can prevent unnecessary bandwidth usage while ensuring the smooth functioning of critical medical applications. This helps optimize overall network efficiency by reducing latency and improving response times.
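
An added example, not part of the original article: a small Python audit of a firewall rule list that flags the blanket allow rules the first item warns about, and overly broad sources reaching the segmented subnets described in the second item. The segment names, addresses, rule format and the 16-host threshold are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: segment names, addresses and rules are hypothetical.
SEGMENTS = {
    "phi_db": ipaddress.ip_network("10.10.20.0/24"),  # systems holding PHI
    "iomt": ipaddress.ip_network("10.10.30.0/24"),    # connected medical devices
}
RULES = [
    {"id": 1, "action": "allow", "src": "10.10.40.15/32", "dst": "10.10.20.10/32", "port": 5432},
    {"id": 2, "action": "allow", "src": "0.0.0.0/0", "dst": "10.10.20.0/24", "port": "any"},
    {"id": 3, "action": "allow", "src": "10.10.30.0/24", "dst": "10.10.20.0/24", "port": 443},
    {"id": 4, "action": "allow", "src": "10.10.0.0/16", "dst": "10.10.30.0/24", "port": 22},
    {"id": 5, "action": "allow", "src": "0.0.0.0/0", "dst": "10.10.50.0/24", "port": 443},
    {"id": 6, "action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": "any"},
]
MAX_SRC_HOSTS = 16  # assumed policy limit on how many addresses one rule may authorize


def audit(rules, segments=SEGMENTS, max_src_hosts=MAX_SRC_HOSTS):
    """Return {rule_id: {"segments": [...], "reasons": [...]}} for risky allow rules."""
    findings = {}
    for rule in rules:
        if rule["action"] != "allow":
            continue
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        # Only rules whose destination reaches a protected segment are in scope.
        hit = sorted(name for name, net in segments.items() if dst.overlaps(net))
        if not hit:
            continue
        reasons = []
        if src.prefixlen == 0:
            reasons.append("any-source")    # traffic allowed from every address
        elif src.num_addresses > max_src_hosts:
            reasons.append("broad-source")  # whole subnet instead of named hosts
        if rule["port"] == "any":
            reasons.append("any-port")      # no restriction to the needed service
        if reasons:
            findings[rule["id"]] = {"segments": hit, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for rule_id, finding in audit(RULES).items():
        print(rule_id, finding)
```

Rule 1, a single authorized host on one port, passes; rule 5 is not reported because its destination lies outside the protected segments.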

Copyright © 2023 RAZORU NEWS. Project by V