Cyberspace of 2017 has become a free-fire zone with a multiplicity of actors. The dark-side of globalization resides in cyberspace. Corporations are regularly under siege from a multiplicity of threat actors. The cyber arms bazaar that flourishes around the world has allowed for criminals and nations to wage long term campaigns against corporations and government agencies. These cybercriminals stalk businesses and consumers from the fog of the dark web. Evidence suggests that the Dark Web has become an economy of scale wherein the cyber-crime syndicates have begun to target the interdependencies of our networks. 2017 has ushered in a foreboding era of digital colonization of American cyberspace.
As the cybercriminal community burrows in to our networks we must appreciate that after the initial theft of data they tend to hibernate. This hibernation allows for secondary schemes of monetization. Some of these criminal endeavors include reverse business email compromise against your customers and/or selective Wateringhole attacks. Cybercriminals realize that there is implicit trust in your brand; trust that can and will be exploited. The modus operandi of cybercriminals has been modernized and thus we should allow their offense to inform our defense. As we attend Blackhat, we must spin the chess board to realize the opportunities for strategic action.
In 2017, CSOs must enhance the scope and diligence of their supply chain security assessment. First, security strategies must encompass more than technology vendors. Law firms and marketing firms should be included in all annual security assessments. Second, any merger or acquisition must include a compromise assessment. Such a compromise assessment should include a penetration test from within your network to the outside world. Finally, service level agreements (SLAs) must be modernized to mitigate the cyber threats of 2017, therefore the rigor of the security controls required must encompass elements of intrusion suppression like the proactive use of deception grids and adaptive authentication.
Managing cyber exposures to your supply chain is a function of conducting business in 2017. Beyond mere compliance with existing standards corporations must protect their brand before it is hijacked. Supply chain risk management requires an architectural paradigm shift to intrusion suppression. Modernizing defense in depth will allow an organization to thwart the burgeoning digital invasion of their network. It is imperative that we reevaluate vendor relationships and institute increased safeguards and oversight as information supply chain risk is here to stay. Cybersecurity investment begets brand protection which in turn mitigates third-party risk. Those companies who embrace brand protection as a function of comparative advantage will become the titans of industry.