
IT supply chain: A fertile ground for ransomware attacks

Threat actors find supply chains attractive because they allow them to gain access to otherwise well-protected infrastructures by exploiting vulnerabilities outside an organisation’s control.

Bilal Baig, Technical Director, MEA, Trend Micro

The Middle East and Africa’s rapid economic recovery has impacted the technology suite more than at any time in living memory. CIOs were forced into snap decisions on cloud migration. Businesses could ill afford to dally on due diligence and, as a result, we saw our IT estates degrade into uncontrollable sprawls, from the home networks and rogue endpoints of employees to the anonymous clouds of SaaS providers.

All this has far-reaching implications for cybersecurity, and the region’s boardrooms are humming with discussions on digital risk. Ranked high among the many concerns of senior executives is ransomware, which has become a relentless bane for CISOs. And among organisations’ concerns about ransomware is the extent to which they are left vulnerable by their IT supply chains. A new global study by Trend Micro, “Everything is connected: Uncovering the ransomware threat from global supply chains”, illustrates this point. We found that ransomware incidents peaked during the pandemic, now accounting for one in four data breaches worldwide, a 13 percent increase on 2021 figures.

When dropping payloads, threat actors find supply chains attractive because they allow them to gain access to otherwise well-protected infrastructures by exploiting vulnerabilities outside an organisation’s control. Supply-chain vectors also allow attackers to compromise multiple targets if they choose their point of entry strategically. This was the case in high-profile incidents in the US such as Kaseya in 2021 and SolarWinds in 2020. Both were service providers to multiple clients, and both were targeted for their privileged access, leading to the compromise of thousands of victims.

According to the recently launched Trend Micro Mid-Year Report for 2022, Trend Micro solutions blocked and detected over 300 million cyber threats in the MEA region. These figures are alarming and highlight the need for regional organisations to adopt advanced cybersecurity solutions. Regional enterprises must rise to this challenge before they become either the next SolarWinds or one of the next downstream victims in a major supply-chain attack. Information sharing throughout the supply chain will be vital. But internally, each organisation in the chain should look to its privileged access management, implementing strict policies of least privilege for all devices and services. Multi-factor authentication will also help, as will scanning open-source components for vulnerabilities and malware before integration into application-development pipelines.

In addition, extended detection and response (XDR) is an emerging technology that unites security functions and delivers real-time actionable insights to security analysts so they can discover, stymie, and resolve threats before they make an impact. XDR should be implemented along with diligent policies on multi-layered protections for email, servers, clouds, networks, and endpoints; continuous risk-based patching and vulnerability management; robust attack-surface management (ASM); adequate end-user awareness training; regular penetration and vulnerability testing; and strong data encryption at rest and in transit.

With these measures in place, regional organisations can at last lift their heads above water and get on with the business of business without worrying about impending disaster from their supply chains.