Tips to Minimize the Risk of Supply Chain Attacks

At NSA, we are proud to partner with other best-in-class service providers. Our partners help us to deliver ongoing support for every facet of our client’s business. Sophos is one of our security partners, providing next-generation cybersecurity.

With the increase of ransomware and cyber threats, we thought it would be a great time to share some insights into how to protect your business. To minimize the risk of supply chain attacks, here are 5 important tips that the Sophos team recommends:

  1. Switch from a reactive to a proactive approach to cybersecurity. Once an attack becomes obvious, it’s often too late. You need to assume you’re always compromised and hunt for threats before they find you.
  2. Monitor for early signs of compromise. During investigations conducted by the Sophos Managed Threat Response (MTR) team, two things stand out as early indicators of compromise: one is the use of credentials for remote access/administrative purposes during off-hours; the other is the abuse of system administration tools to conduct surveillance.
  3. Audit your supply chain. Taking some time to map out a list of all the organizations you’re connected to can be invaluable. You can then assess the type of network access they have, what information could be accessed, and then lock down such access accordingly.
  4. Assess the security posture of your suppliers and business partners. Determine the types of certifications and audits they’re subject to. There’s no specific number of audits that guarantee security, but it’s certainly an indication that the supplier takes security seriously.
  5. Constantly review your own IT security operations hygiene. While the posture of your suppliers is critical in safeguarding against supply chain attacks, do not neglect your own cybersecurity hygiene. Be sure to:
  • Enable multi-factor authentication (MFA)
  • Review supplier access and application privileges
  • Proactively monitor supplier security bulletins
  • Review your cybersecurity insurance policy (if you have it)

For more security tips, be sure to check out the new whitepaper from Sophos here:

If you’d like to learn more about how to best protect your business from the latest cyber threats, don’t hesitate to reach out to our team. We have been helping businesses just like yours stay secure for over 35 years. Contact the NSA team here.

Search for Solutions, Webinars, Nuggets and Other Helpful Resources