Supply Chain Attacks: Risk Mitigation Advice
Tony Cook of GuidePoint Security on Defending Against Vendor Threats
In light of recent supply chain attacks, many organizations need to improve mitigation of the risks posed by their vendors, says Tony Cook, head of threat intelligence at GuidePoint Security.
"What we're starting to see is that it is much easier for attackers to compromise what you use in your environment in order to get inside your environment - and that's the premise in the supply chain attacks we're seeing, whether it's Accellion or SolarWinds or other [recent vendor incidents]," he says.
"Attackers are finding that they can … attack the companies you use every day to get their malware and goals done in your environment," he says in an interview with Information Security Media Group.
To mitigate supply chain attack risks, organizations must take a methodical approach, he says.
"Many companies don't have a good sense of what is in their environments, what's in their networks," he says. "You need to have security products in place that can give you visibility into your environment in case something does go wrong.
"Start off with a tabletop exercise - what would it look like if something bad happened in your environment? … Then build from there to understand where your gaps are, prioritizing next actions."
In this interview, Cook also discusses:
- Evolving ransomware attack trends;
- Critical medical device cybersecurity issues;
- Tips for detecting and preventing web shell incidents involving public-facing servers, including "shadow IT" servers.
Cook is head of threat intelligence for security vendor GuidePoint Security’s consulting team, where he manages digital forensics and incident response engagements. Previously, he held threat intelligence leadership roles at Palo Alto/The Crypsis Group and RSA. Cook is also a former officer at the Navy Cyber Operations Command.