The National Institute of Standards and Technology (NIST) has published an updated guide on how to protect the supply chain against cyber attacks.
Since 2020, NIST has published two draft documents on how the enterprise can better defend against supply chain attacks.
Today, in response to Executive Order 14028: Enhancing the Nation’s Cybersecurity, NIST has published ‘Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations’ to provide guidance on how to identify and respond to supply chain cybersecurity risks.
“Managing supply chain cyber security is a necessity that is here to stay,” said Jon Boyens of NIST, one of the publication’s authors. “If your agency or organization hasn’t started, this is a comprehensive tool that can take you from crawling to walking and running, and can help you get there in no time.”
The document is a long read, weighing in at 326 pages, but it includes valuable information on supply chain risks, from assessing foreign control over software/product development to the risks associated with using external IT service providers.
“It has to do with trust,” said NIST’s Angela Smith, an information security specialist and another of the paper’s authors. “Organizations need to have greater assurance that what they are buying and using is trustworthy. This new guidance can help you understand what risks to look for and what actions to consider taking in response.”
Due to the length and complexity of the document, NIST plans to publish a quick start guide to help organizations just beginning their C-SCRM (Cybersecurity Supply Chain Risk Management) efforts.
Supply chain attacks are becoming increasingly popular targets for threat actors, allowing them to compromise a single product and have it impact numerous companies that use it.
The severity of supply chain attacks was demonstrated in real-world scenarios when threat actors compromised SolarWinds to infect downstream customers, when Kaseya’s MSP software was used to encrypt over a thousand companies, and when npm modules were used to execute remote commands.
These attacks had widespread consequences for many organizations simply by compromising a single source, illustrating the need for enterprises to add protections against supply chain attacks.