
NIST Updates Cybersecurity Guidance for Supply Chain Risk Management


The National Institute of Standards and Technology (NIST) has revised its "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations" (NIST Special Publication 800-161 Revision 1). Organizations can use the updated guidance to protect themselves as they acquire and use technology products and services, NIST stated.

The updated guidance arrives as MSPs and MSSPs seek to further lock down their own software supply chains against cyberattacks.

NIST's new guidance describes practices that organizations can adopt to manage cybersecurity risks within and across their supply chains, the institute noted. It encourages organizations to consider vulnerabilities not only in finished technology products and services but also in the components from which those products and services are built.

In addition, NIST offers guidance for various groups to help them identify and mitigate supply chain risks, the institute stated. It also plans to provide a quick-start guide for organizations that want to implement its cybersecurity supply chain risk management best practices.

Supply Chain Attacks Could Become 'One of the Biggest Cyber Threats' to Global Organizations

Cybercriminals are increasingly targeting supply chains, according to the "2021 CrowdStrike Global Security Attitude Survey" of 2,200 IT decision-makers from global organizations. Key findings from the survey included:

  • 45 percent experienced at least one software supply chain attack in the last 12 months.
  • 59 percent of respondents that suffered their first software supply chain attack did not have a response strategy in place.
  • 84 percent said they believe that software supply chain attacks could become one of the biggest cyber threats to their organization within the next three years.

Supply chain attacks are becoming more sophisticated and persistent, CrowdStrike pointed out. Meanwhile, organizations must evaluate a variety of technologies and tools to keep pace with them.

RMM, PSA and ITSM Software: Supply Chain Security

MSPs and MSSPs should check with their IT management software providers about the steps those vendors are taking to harden and monitor the security of their own software supply chains. In many cases, RMM (remote monitoring and management), PSA (professional services automation) and IT service management (ITSM) platforms are gaining new capabilities that help partners improve their own cybersecurity posture while mitigating supply chain attack risks that extend out to end customers.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.