How The Channel Can Help Combat Supply Chain Risk With DRP
By Sophia Anastasi, head of channels and alliances at Skurio
MSPs have played a prominent role in business operations in recent years, particularly during the COVID pandemic as organizations sought support to overcome disruption and staff shortages.
A network of trusted suppliers has become essential for accessing diverse skills and services. However, as an organization’s network of suppliers grows, so does its risk exposure.
Cybercriminals can bypass the defenses of their primary target by compromising a smaller and less well-secured supplier and exploiting vulnerabilities in its technology or people. Sensitive files such as customer databases also can be stolen from trusted suppliers, leading to a serious breach without the data owner itself ever being compromised.
Supply chain risk is a serious blind spot for many firms. The DCMS’s Cyber Security Breaches Survey 2021 found that just 12 percent of U.K. businesses review risks stemming from immediate suppliers, and only five percent look at risks from their wider supply chains.
Like any external supplier, MSPs represent a theoretical security risk, but they also can provide a solution for reducing the threat of supply chain attacks. A good MSP will not only connect an organization with the right security tools for the job but also will act as a strategic advisor to ensure you have appropriate protection in place.
Recognizing this threat, the U.K. government recently conducted a consultation looking for views from organizations, and particularly MSPs themselves, to determine best practices in supply chain security.
So how can MSPs and other channel partners help protect their customers from supply chain risks?
The Risk To Data In The Supply Chain – Who Is The Weakest Link?
The most prominent supply chain risk is the threat of attackers targeting a partner and exploiting vulnerabilities in its network or people to gain direct network access. Multiple high-profile breaches have stemmed from compromised suppliers. In a recent severe case, attackers compromised the IT management software of a U.S. firm called Kaseya and used it as a steppingstone to successfully target its customers. Another widespread issue that is often overlooked is the risk when data is shared throughout the supply chain. Once that data has crossed into another company’s network, the risk of exposure increases. For example, if a firm outsources its sales activity to a specialist partner and shares its company data, that information can be accessed if the partner experiences a breach.
While perhaps not as immediately damaging as a supply chain ransomware attack, this can still cause serious issues. Most data privacy and security regulations such as the GDPR make it clear that the original data holder is responsible for a breach, regardless of where the security failure occurred. This means firms are just as exposed to regulatory fines if data is stolen from a supplier. Likewise, the impact on customer loyalty and the potential for costly litigation will be just as high as a direct breach.
So how can enterprises secure data in the supply chain? And how can the channel help?
Introducing Digital Risk Protection
The biggest issue with securing data out in the supply chain is that the data owner has no way of keeping track of it once it leaves its perimeter. Data Loss Prevention (DLP) solutions can help reduce accidental disclosures but can’t protect you against a weak link in the supply chain.
Digital Risk Protection (DRP) is a new approach, extending your detection surface beyond the firewall. DRP combines the best features of Threat Intelligence, Dark Web Monitoring, and Data Breach Detection in a single, automated SaaS platform. Previously only accessible to top banks and large corporates, new generations of DRP solutions enable MSPs to offer the same level of protection to their small and midsize customers too, with a focus on affordability and ease of use.
Using DRP To Look After Your Data, Wherever It Lives
Traditional cybersecurity can’t protect data once it’s outside the network. But adding DRP to the mix makes it possible to detect third-party leaks and breaches in real-time, minimizing the consequences. Multiple DRP approaches can be used, such as monitoring for unique metadata, ‘fingerprinting’ the entire dataset, or watermarking - which works by inserting a unique, fictional identity into each dataset. Continuous monitoring alerts you as soon as your data is detected on open and closed web sources, such as ransomware forums, paste bins, or Dark Web sites. If each dataset is given a specific marker, it is also immediately apparent wherein the supply chain the breach occurred. This lets the data owner reclaim the initiative, enabling them to act quickly to identify the source of the breach and notify customers and regulators with a high degree of speed and accuracy.
The Value DRP Brings To The Channel
DRP is well suited for the channel. Most MSPs with a security portfolio are likely already offering endpoint and network monitoring services, and DRP’s complementary capability makes it easy to include “outside the firewall” monitoring as a complete package. Even as a stand-alone solution, DRP is a straightforward proposition - the right package will not need specialist technology or skills on the part of the MSP and can be configured in a few hours. It can work well as an initial step into security services for MSPs.
Offering a solution to the growing issue of third-party security risks moves an MSP up the value chain. DRP enables enterprises to be more confident and ambitious about their cloud strategies, making it a good fit for a channel partner that is already operating as a trusted adviser in this space.
Finally, DRP is an ideal “sticky” service. It can be easily offered on a subscription basis as a foundation to establish repeatable revenue. Supply chain security, including breach notification and remediation, are compelling examples.
Being armed with a solution that quickly and accurately identifies data breaches in the supply chain means MSPs are part of the solution to third-party data risk, not part of the problem.
About The Author
Sophia Anastasi is head of channels and alliances at Skurio.