Threat Intelligence Sharing Problematic
In a survey of more than 2,900 IT decision makers worldwide, Trend Micro found that the problem is exacerbated by less-secured small- to medium-sized businesses comprising a large portion of the supply chain for roughly half of these organizations. The absence of threat information sharing among organizations, their supply chain customers and partners becomes even more critical when seen in the backdrop of the high profile SolarWinds and Kaseya attacks, both of which featured compromised MSPs.Among organizations that had experienced a ransomware attack in the past three years, 67% said their attackers contacted customers and/or partners about the breach to force payment, Trend Micro said."Many aren't taking steps to improve partner cybersecurity,” said Bharat Mistry, Technical Director at Trend Micro. “The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface."Low Detection Rates for Ransomware Infections
Part of the issue of poor communication may be that organizations don’t have critical information in the first place. For example, according to the study’s data, detection rates were low for ransomware infections, including:“The corporate attack surface is increasingly distributed across an extensive supply chain that spans cloud and software providers, professional services firms and other connected entities. Each one of these may have privileged network access or store sensitive information belonging to client organizations. Each one therefore represents a potential security risk which must be addressed. Yet too often supply chains are nebulous and ill-defined, with controls applied in a reactive and haphazard manner, if at all. This must change.”