By Zane Pokorny on April 26, 2019
The National Counterintelligence and Security Center (NCSC) declared April to be “National Supply Chain Integrity Month,” highlighting the growing cybersecurity risks coming from third parties in our increasingly connected world.
“Foreign intelligence entities and other adversaries are increasingly exploiting supply chain vulnerabilities to steal America’s intellectual property, corrupt our software, and surveil our critical infrastructure,” said NCSC director William R. Evanina.
“Bypassing our security perimeters, they’re infiltrating our trusted suppliers to target equipment, systems, and information used every day by the government, businesses, and individuals. The cost to our nation comes not only in lost U.S. innovation, jobs, and economic advantage, but also in reduced U.S. military readiness.”
To help combat third-party risk, the NCSC has developed new resources that outline best practices and more.
Threat Intelligence Reduces Third-Party Risk
The cybersecurity landscape is rapidly changing as supply chains grow more connected and organizations increasingly rely on third parties to store their data and handle their security needs. That makes the “walled garden,” perimeter-oriented model of IT security insufficient.
Keeping up with the threat landscape takes information and context — the kind provided by threat intelligence.
That’s one of the main findings of a new ESG report, “Third-Party Risk: Why Threat Intelligence Matters.” That report looks at the current (rather bleak) landscape of third-party risk, and offers a list of best practices and resources for organizations to reduce their risk.
As the title suggests, one of their biggest recommendations is to use threat intelligence to quantify that risk quickly and accurately.
Download the ESG Report
The full press release from the NCSC can be read here.