SUPPLY CHAIN SECURITY
The latest threat to emerge is the supply chain attack, in which a manufacturer that supplies software to large numbers of organisations is breached first and its software is modified to include malware, which then infects many organisations at the same time. So far in 2021 there have been three successful attacks, SolarWinds, Microsoft Exchange, the Kaseya breach and most recently the Log4j vulnerability. The SolarWinds breach alone is estimated to cost the world over $1Tn, while the Microsoft Exchange breach is estimated to have impacted over 18,000 organisations worldwide. The Log4j vulnerability, in software from the Apache Software Foundation in widespread use by almost all organisations, is reckoned to be the most serious breach of all time.
Compromised software that has been altered at source is difficult to detect because we trust our suppliers and have no reason to suspect that their updates and patches may be infected.
How We Can Help
KITS provides a number of services that help detect and prevent supply chain attacks.
Deep Instinct, as well as protecting end-points, can prevent malware operating on in-house servers too, interrupting the second stage of the supply chain attack.
Imperva’s Runtime Application Self-Protection (RASP) is designed to detect zero-day exploits in software as well as prevent supply chain attacks.
Finally, our security architecture audit and design capabilities will help you to ensure that, if a supply chain attack should be successful, your organisation can swiftly and effectively recover from the attack with the least impact and damage to your reputation.