Council Post: Supply Chains Need The Protection Of Unified Multifunctional Cybersecurity.


David Schiffer is the CEO of RevBits and formerly of Safe Banking Systems (SBS). RevBits develops cybersecurity software for organizations.

The worldwide pandemic opened our eyes to the vulnerabilities of global supply chains. Now, with eyes wide open, we must move forward by protecting these vital business ecosystems with the right cybersecurity.

Keeping supply chains viable requires more than balancing supply and demand issues or managing the logistics of how things flow between the point of origin and consumption. Supply chains need the protection of multilayered cybersecurity with a holistic analytics-driven security fabric.

According to the Verizon 2022 Data Breach Investigations Report, supply chain breaches can lead to wide-ranging consequences, and in 2021, they were responsible for 62% of system intrusion incidents. Supply chain cyberattacks prey upon data and systems by using all manner of nefarious means, such as installing malware, social engineering, stealing credentials and many others. As malware moves across the supply chain network, it can compromise supply chain members' computer systems all along its path.

A few years ago, attackers set their sights on mega U.S. retailer Target in one of the largest data breaches in retail history. Approximately 40 million customer credit and debit cards were made vulnerable to fraud when malware infiltrated Target’s POS system across more than 1,800 stores. The data breach directly affected the company’s profit, causing it to fall 46% in one quarter. Since that breach, dozens of customer lawsuits have been filed against the company for carelessness and compensatory damages, and the company has spent over $200 million related to the breach.

Industry experts believe hackers infiltrated a third-party supplier to gain access to Target’s main data network. Investigators suspect the hackers first broke into Target’s network using stolen credentials from HVAC provider Fazio Mechanical Services. Six months before the breach, Target began installing a new cybersecurity system, with a security team to monitor its IT systems. Still, the supply chain attack was able to elude their security measures.

Multilayered, Yet Single-Function Cybersecurity Has Inherent Limitations

One of the challenges facing IT and security teams is overcoming problems created by different vendor products that focus on one type of security vulnerability. These single-function security products fragment security postures by creating security gaps that leave enterprises with limited (or zero) visibility between the products. Products like security information and event management (SIEM) and security orchestration, automation, and response (SOAR) don’t automate the detection and remediation of anomalous activity within a cross-functional security stack. They essentially gather and ingest divergent data from the various vendor products or tools.

The ability to directly integrate and access multiple products and coalesce their security data into a single dashboard is what can enable rapid cyber forensics with analytics and context, to quickly resolve threats. However, this requires more than integrating disparate products through APIs. This requires native integration of security products, orchestration and automation.

Multifunctional Cybersecurity Eliminates Security Gaps

Multifunctional cybersecurity built upon a native platform capable of amalgamating diverse security products can assimilate telemetry and threat data from attack surfaces and vectors. Threat intelligence and AI capabilities improve decision-making and automatically respond to threats. Visibility blind spots are eliminated, and automated responses with deep diagnostics enable organizations to rapidly resolve security events across their entire IT ecosystem. A native security platform can quickly detect anomalous activity to help prevent bad actors from entering supply chain member networks.

Automated workflows, alerts and responses immediately respond to security events and will shut down a system or user account if anomalous activity is detected. Root-cause diagnostics help the security team to quickly locate security events and provide the best actions for mitigating incidents. This capability is nearly impossible to reliably accomplish without security designed, developed and engineered natively across all security functions, with complete visibility and inherent cross-functional orchestration.

How To Create An Effective Multifunctional Cybersecurity Posture

Target had actually deployed a new malware detection system that might have prevented the attack and eradicated the malware before it reached the customer data. Unfortunately, the capability to automatically detect the malware wasn’t turned on. While the concern the company may have had about a newly deployed security product is understandable, there needs to be trust in the system once it’s in production. Additionally, there are other fundamental security products, processes and policies that should be implemented to ensure a strong security posture:

 Tightly control access to highly valuable data with zero-trust policies and identity controls.

 Define and enforce stringent access policies for third parties.

 Employ penetration testing to discover hidden vulnerabilities and risks.

 Apply software and firmware updates and patches regularly.

 Implement a policy for strong credentials, and support it with a password management solution.

 Conduct regular employee security awareness training.

 Develop a cyber incident response plan with guidelines on how to identify, respond to and recover from a cyberattack.

The ability to fully visualize an organization’s cybersecurity stack, attack surfaces and threat vectors provides the digital resilience it needs. Having a holistic view of everything—in conjunction with establishing a strong cybersecurity posture—allows IT, cybersecurity and risk management professionals to prioritize risks and work together more effectively to counteract threats. Natively unified cybersecurity also helps eliminate technology, administration and management silos that add user friction and complicate alerting, reporting, responding and mitigating threats. Ultimately, this friction will create misalignment around an organization’s ability to reduce its cyber risk.



License: You have permission to republish this article in any format, even commercially, but you must keep all links intact. Attribution required.