From the course: The Cybersecurity Threat Landscape

The threat of supply chain attacks and third-party risks

- [Instructor] All organizations have what is called an attack surface. This is the part of the organization that is exposed to any kind of threat. One of the biggest attack surfaces for most organizations is their supply chains and exposures to third parties. This attack surface is also one of the most challenging to protect. In this video, I'll cover what supply chain and third-party risks are and why they're part of the cybersecurity threat landscape. Every organization has suppliers. They provide the needed resources for that organization to function. These suppliers can be software-as-a-service or other technology providers that are critical to your business. And these suppliers have their own suppliers, and those suppliers have suppliers, and so on. If a direct or downstream supplier fails, that could have a negative impact on your organization. That's the idea of supply chain risk. Now let's think about the access your suppliers and other third parties might have to your systems and data. If third parties like suppliers, contractors, and vendors need access to your systems to provide their services, that can create risk. For instance, if one of your vendors has access to your systems and they get hacked, now the hackers can attack your systems. This is what happened to a major retailer, which led to a security breach that cost an estimated $202 million. On top of that, consider all the data your organization stores with third parties. Cloud-based software-as-a-service, or SaaS, applications like Dropbox, Salesforce, and Google Drive can store some of your organization's most critical data. And your organization may be storing its data with other third parties that aren't SaaS apps. If the right controls aren't in place, that data may be accessible to malicious actors outside or inside of your organization. Finally, we have software supply chain risk. Many organizations develop software for their own internal systems or to provide the services they offer.
Instead of writing everything from scratch, developers will often use free open source software. But open source software comes with potential problems. It can be hard to keep track of, especially if your organization develops a lot of software. And open source software can contain vulnerabilities or even malicious code. For instance, an open source Java logging library called Log4j was used by software found on millions of servers around the world. But a zero-day vulnerability was found in Log4j which allowed remote code execution attacks that could be used to compromise these servers. Every organization that developed its own software immediately needed to determine if any of their software contained Log4j, and if it did, patch it. As you can see, supply chain and third-party risks can be highly complex and have serious consequences for your organization. That's why they're an important part of the cybersecurity threat landscape.
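The "determine if any of your software contains Log4j" step the instructor describes is, in practice, a dependency-inventory check. The example below is added to this page and is not part of the course material. It performs that check two ways: first against a software bill of materials (a constructed CycloneDX-style JSON fragment, not a real inventory), and second by looking inside a jar file, including jars nested in a fat jar, for the `JndiLookup` class that ships in log4j-core 2.x, because shaded or bundled copies of a library never appear in a manifest. The affected version range used here is the one published for CVE-2021-44228 (log4j-core 2.0-beta9 through 2.14.1, first fixed in 2.15.0); the sample SBOM contents, the jar builder and all function names are assumptions made for the example.

```python
import io
import json
import re
import zipfile

# Constructed sample SBOM (CycloneDX-style JSON). Not a real inventory.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.14.1"},
        {"group": "org.apache.logging.log4j", "name": "log4j-api", "version": "2.14.1"},
        {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.17.1"},
        {"group": "log4j", "name": "log4j", "version": "1.2.17"},
        {"group": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.13.0"},
    ],
})

# Affected range for CVE-2021-44228 as published by the Apache Log4j project:
# log4j-core 2.0-beta9 up to and including 2.14.1; 2.15.0 was the first fixed release.
# The 1.x line is a separate codebase and is deliberately not assessed by this check.
VULNERABLE_ARTIFACT = ("org.apache.logging.log4j", "log4j-core")
FIRST_AFFECTED = "2.0-beta9"
FIRST_FIXED = "2.15.0"

# Class whose presence identifies log4j-core 2.x inside a jar (path is the real one).
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

_PRE_RELEASE_RANK = {"alpha": 0, "beta": 1, "rc": 2}


def parse_version(version):
    """Turn '2.0-beta9' or '2.15.0' into a tuple that sorts correctly.

    Numeric parts are padded to three places so '2.0' == '2.0.0', and a final
    release sorts after any pre-release (alpha/beta/rc) of the same base.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-([A-Za-z]+)(\d*))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    if m.group(2):
        tag = m.group(2).lower()
        pre = (_PRE_RELEASE_RANK.get(tag, 1), int(m.group(3) or 0))
    else:
        pre = (99, 0)  # final release outranks every pre-release tag
    return (tuple(nums), pre)


def is_affected(version):
    """True if a log4j-core version falls in [FIRST_AFFECTED, FIRST_FIXED)."""
    v = parse_version(version)
    return parse_version(FIRST_AFFECTED) <= v < parse_version(FIRST_FIXED)


def find_affected_components(sbom_json):
    """Return [(group:name, version), ...] for SBOM components in the affected range."""
    bom = json.loads(sbom_json)
    hits = []
    for comp in bom.get("components", []):
        key = (comp.get("group"), comp.get("name"))
        if key == VULNERABLE_ARTIFACT and is_affected(comp["version"]):
            hits.append((f"{key[0]}:{key[1]}", comp["version"]))
    return hits


def jar_contains_jndi_lookup(jar_bytes):
    """Scan a jar (and any jars nested inside it) for JndiLookup.class.

    Bundled or shaded copies of log4j-core do not show up in build manifests,
    so scanning the shipped artifact catches what the SBOM check can miss.
    """
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if name == JNDI_LOOKUP_CLASS:
                return True
            if name.endswith(".jar") and jar_contains_jndi_lookup(zf.read(name)):
                return True
    return False


def build_sample_jar(with_jndi, nested=False):
    """Construct an in-memory jar for the example (hypothetical helper)."""
    fake_class = b"\xca\xfe\xba\xbe"  # class-file magic only; contents do not matter
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/App.class", fake_class)
        if with_jndi and nested:
            inner = io.BytesIO()
            with zipfile.ZipFile(inner, "w") as lib:
                lib.writestr(JNDI_LOOKUP_CLASS, fake_class)
            zf.writestr("lib/log4j-core-2.14.1.jar", inner.getvalue())
        elif with_jndi:
            zf.writestr(JNDI_LOOKUP_CLASS, fake_class)
    return buf.getvalue()


if __name__ == "__main__":
    for artifact, version in find_affected_components(SAMPLE_SBOM):
        print(f"AFFECTED: {artifact} {version}")
    print("fat jar hides log4j-core:", jar_contains_jndi_lookup(build_sample_jar(True, nested=True)))
```

Run it as-is to see the one affected SBOM entry (the 2.17.1 copy and the log4j-api artifact are correctly ignored) and a nested jar flagged by the artifact scan. In a real inventory the SBOM check is the fast, fleet-wide pass and the jar scan is what you run on the build outputs that the SBOM cannot explain.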
