TAPA EMEA's Vigilant Magazine

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

WHO’S NEXT?

When considering targeted assets, in 66% of the incidents attackers focused on the suppliers’ code in order to further compromise targeted customers.

Organisations could be vulnerable to a supply chain attack even when their own defences are quite good, ENISA adds, with attackers exploring new potential highways to infiltrate organisations by targeting their suppliers. Moreover, with the almost limitless potential of the impact of supply chain attacks on numerous customers, these types of attacks are becoming increasingly common. In order to compromise targeted customers, attackers focused on the suppliers’ code in about 66% of the reported incidents, highlighting the need for organisations to focus their efforts on validating third-party code and software before using them to ensure these were not tampered with or manipulated.

In some 58% of the supply chain incidents analysed, the customer assets targeted were predominantly customer data, including Personally Identifiable Information (PII) data and intellectual property. In 66% of the supply chain attacks reviewed, suppliers did not know or failed to report on how they were compromised.

Apply good practices and engage in coordinated actions

‘While more than 50% of these attacks are attributed to APT groups or well-known attackers, the effectiveness of supply chain attacks may make suppliers an interesting target for other, more generic, types of attackers in the future.’

‘The impact of attacks on suppliers may have far-reaching consequences because of the increased interdependencies and complexities of the techniques used. Beyond the damages on affected organisations and third parties, there is a deeper cause for concern when classified information is exfiltrated and national security is at stake or when consequences of a geopolitical nature could emerge as a result. In this complex environment for supply chains, establishing good practices and getting involved in coordinated actions at EU level are both important to support all Member States in developing similar capabilities – to reach a common level of security,’ the report advises.

CONTINUED ON PAGE 10 >

9

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26