https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • MSP 501 Rankings
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • MSP 501 Rankings
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

From the Industry


Sponsor Content

Chain with sun streaming through

5 Ways to Minimize Supply-Chain Attacks

  • Written by Tech Data Guest Blogger
  • September 16, 2019
Taking action to protect your ecosystem now can alleviate the often-devastating effects of a potential attack later.

ASUS was pounded earlier this year when ShadowHammer struck. Though it targeted 600 individuals, the computers of tens of thousands of customers—who unknowingly downloaded malicious code via the ASUS Live Updater—were ultimately compromised.

Around the same time, IT outsourcing giant Wipro and other IT providers were also victimized. The attackers launched a sophisticated phishing scheme that enabled them to access Wipro’s customer base, many of whom were retailers and financial institutions. With this access, the attackers exploited the gift and payment card systems of Wipro’s customers, netting an indeterminate amount of hard-to-trace cash.

Experts have reported that the number of supply-chain attacks has increased by 78%, which is consistent with special publications from the FBI’s InfraGard Program. In fact, this is one of their biggest problems.

Supply-chain attacks can happen to IT service providers (MSPs, MSSPs, etc.) and their customers in any industry. Regardless of how it happens, these attacks can wreak havoc on customers, suppliers, partners and other trusted individuals within your ecosystem. Taking action to protect your ecosystem now can alleviate the often-devastating effects of a potential attack later.

5 ways to protect against supply-chain attacks

  1. Know who is in your ecosystem. Understand that you are a part of an ecosystem and threats are coming at you asymmetrically. You may not be the intended target, but you are absolutely a target, no matter where you are in the ecosystem. Our Tech Data Services team offers risk assessments that look at your ecosystem to thoroughly analyze, identify and mitigate cybersecurity threats based on likelihood and impact.

Speaking at Black Hat 2019 a couple of weeks ago, Microsoft Security Response Center GM Eric Doerr said, “People like to think about hardware as the main supply-chain threat, but, really, you need to start with people—your contractors and partners.”

  1. Understand their security postures. Just as your business has a security posture, your ecosystem also has a security posture. Understand how the members of the ecosystem are handling security, what their security policies are, and what regulations and compliance requirements they have. Know whom to call, either at your suppliers or end customers, if there’s a supply-chain breach.
  2. Stay informed and aware. Join groups such as the FBI’s InfraGard program, a public-private sector partnership dedicated to collaboration around protecting critical infrastructures.

Information Sharing and Analysis Organizations (ISAOs) are also good sources of information. Tech Data is currently working on a partnership with an ISAO to help its partners and customers stay on top of incoming threat intelligence.

  1. Leverage assessments and testing. Penetration testers (also known as ethical hackers) often go into organizations to find gateways through which an attack might be launched.

While these assessments are extremely useful at finding gaps, companies have, in recent years, limited their scope to get the answers they want or to save face. This short-sighted, “check the box” thinking not only keeps organizations from improving their security postures, but it could also expose their customers and suppliers to an attack.

Another option is an attack simulation. These simulations take place in a real-world environment to help detect how your policies, procedures and technologies will fare against an advanced persistent threat.

  1. Start a conversation with your ecosystem. Finally, talk to everyone in your ecosystem in an open and honest way. Tell them you’re undertaking a supply-chain assessment to uncover weaknesses. Work together to not only bring everyone up to a mature security posture. Help get the approvals needed to ensure your ecosystem can effectively respond to a supply-chain attack.

To achieve a mature security posture, you must be willing to recognize that there may be weak spots in your network and do a no-holds-barred assessment. If you leave it to chance, then you’ll be at a significant disadvantage when an attack does occur.

Your weaknesses may be exposed, but it will be much less public than if your customers experience a massive security breach where they’ve been defrauded of millions of dollars, have their trade secrets stolen or are made to pay millions in penalties.

Acting for the good of your ecosystem better serves your customers. It’s good for business—and it’s good for business continuity.

Tech Data has the expertise and resources you need to build a reputable security practice. Our team of security experts is equipped with the tools, people, services and solutions to keep your companies safe by identifying weaknesses, reducing risks and quickly responding to cyber attacks. Let our security team provide you with the right solutions to grow your security practice. Contact [email protected] to learn more.

Joshua has hands-on experience and deep technical knowledge in both computer network attack (CNA) and computer network defense (CND). He is a core volunteer with a local non-profit organization leading the country in teaching hands on cyber security skills with real-world application. Outside of work and volunteer contributions, Joshua can be found jamming with the console cowboys in cyberspace.

This guest blog is part of a Channel Futures sponsorship.

Tags: MSPs Best Practices Business of Security From the Industry Intelligence MSSP Insider Security Tech Data Sponsor Content

Most Recent


  • ransomware attacks
    Survey: Backups Are Prime Targets for Ransomware Attacks, Most Remain Exposed
    Veeam’s 2023 Ransomware Trends Report shows many pay ransom but don’t always recover.
  • call for speakers
    Channel Futures Leadership Summit Call for Speakers Open
    Speaker applications for “The New Style of Leadership” are open until July 3.
  • Faces of the Partner
    Faces of the Partner: 6 New Tech Advisors Entering the Channel
    A significant portion of the partner community is retiring. Who will replace them?
  • Kasten K10 V 6.0
    Veeam Previews Enhanced Kubernetes Protection, Security with Kasten K10 V 6.0
    Veeam showcased forthcoming release at the annual VeeamON conference in Miami.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Respondents said that in terms of the security techniques and solutions they are planning to implement next year encryption and bring your own encryption key topped the list with cloud access security broker in second placenbsp
    Security 102: Selling Security Solutions
  • mktg-solutions-image1.jpg
    Security 101 for Sales: Making Sense of Security to Deliver Solutions
  • Business meeting
    ATEC Customer Story
  • Padlock-security
    Is Transitioning from an MSP to MSSP Worth the Risk?

Upcoming Events

View all

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Channel Partners Conference & Expo

March 11, 2024 - March 14, 2024

Galleries

View all

Survey: Backups Are Prime Targets for Ransomware Attacks, Most Remain Exposed

May 26, 2023

Faces of the Partner: 6 New Tech Advisors Entering the Channel

May 26, 2023

Broadcom-VMware, Alibaba Cloud, Red Hat, Google Cloud: A Hefty Roundup

May 24, 2023

Industry Perspectives

View all

Dell Technologies World: Dell Apex Expanded Across On-Premises, Cloud and Edge

May 22, 2023

Identity Is Increasingly Valuable – and Targeted

May 18, 2023

Gaining a Competitive Advantage through AV Managed Services

May 10, 2023

Webinars

View all

From Problem to Profit: Mastering the Science of Selling Using Business Outcomes

May 9, 2023

Meet the 2023 Channel Futures Channel Influencers

April 13, 2023

DE&I Dialogue: How the Right DE&I Initiatives Can Propel Your Business

April 5, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode No. 123: MartinWolf M&A Advisors, CP Expo Preview

UScellular Takes On Rivals with Partner Program Simplicity

April 21, 2023

OpenText Simplifying Deal Registration, Doubling Down on MDF

April 21, 2023

Everything-as-a-Service: CloudBlue Touts Critical Customer Transition

April 18, 2023

Twitter

ChannelFutures

Paul Green @msp_voice will help MSPs gain more #customers and #sales at @ChannelEurop June 13.… twitter.com/i/web/status/1…

May 26, 2023
ChannelFutures

.@coalesceIO unveils revamped partner program. #datatransformation dlvr.it/SphJm4 https://t.co/s7fYAVmFGD

May 26, 2023
ChannelFutures

.@Veeam #Ransomeware survey: backups are not adequately protected, 85% suffered at least 1 attack in past year… twitter.com/i/web/status/1…

May 26, 2023
ChannelFutures

.@MSPSummit call for speakers is open now through July 3. The theme for this year’s summit is “The New Style of Lea… twitter.com/i/web/status/1…

May 26, 2023
ChannelFutures

Channel Futures interviewed six individuals who started an agency in the last two years. dlvr.it/SpgV6l https://t.co/JXKhJcw31A

May 26, 2023
ChannelFutures

Channel Futures interviewed six individuals who started an agency in the last two years. dlvr.it/SpgTQg https://t.co/7eIp0XgwQ2

May 26, 2023
ChannelFutures

Channel Futures interviewed six individuals who started an agency in the last two years. dlvr.it/Spg7JZ https://t.co/ETaeFysCYO

May 26, 2023
ChannelFutures

.@VMware's CFO taking new job at @Workday, board member taking over CFO role. #cloud dlvr.it/SpdNND https://t.co/Nnb1ahZdNG

May 25, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X