Supply Chain Attacks
Adversaries have increasingly realized they can infiltrate hundreds or even thousands of customers at one by compromising a supplier they all have in common, said Gee Rittenhouse, senior vice president and general manager of Cisco Secure. Businesses must ensure they have visibility into their supply chain, the risk associated with each supplier, and a way to quickly remediate should an event occur, he said.
Supply chain attacks provide hackers with a good return on their investment since they only must break into a single strategic enterprise to distribute their malware across thousands of organizations, he said. Supply chain attacks have moved from being a weaponized attack carried out by a sophisticated adversary against a particular industry to being a more generic part of the malware commercial cycle.
Businesses where all employees are either working from the office or working remotely are the easiest to defend against a supply chain attack, Rittenhouse said. But safeguarding hybrid environments adds a degree of complexity, which employers are just beginning to realize as they think about mandating that some or all their workers return to the office, according to Rittenhouse.