6. Stronger Perimeter Defense Will Make Supply Chain Attacks A More Appealing Option
Supply chain attacks have in recent years gone from being more targeted on a specific industry or organization to impacting larger numbers of users via commodity malware, said Zscaler VP of Security Research Deepen Desai. But small suppliers of money transfer systems, banks and exchanges remain a rich target since they deliver specialized financial services to big players, said Kaspersky Lab researchers.
As firms improve their posture and build up their perimeter defenses, attackers will attempt to access a target's network by compromising third party vendors, customers or partners, FireEye researchers said. Most organizations aren't great at managing supply chain attacks since they are difficult to detect and require more effective vendor risk management practices than are currently in place, FireEye said.
In response, there will be an increased focus on certifications and compliance with suppliers for their services, said Attivo Networks Chief Deception Officer Carolyn Crandall. As attackers continue to exploit vulnerabilities within these third-party organizations, Crandall said companies must take measures to certify and verify them and prove they can be trusted.
