When you think of island hopping, you may think of a Caribbean vacation, but when it comes to the security of your network, “island hopping” is far less relaxing. Island hopping is the new trend in cyber-attacks where attackers gain access to not just your network, but also your entire supply chain.
These kinds of attacks can originate as a breach in your network or the networks of any of your vendors or partners. Carbon Black has estimated that half of all cyber-attacks today use island hopping. And since island hopping targets an entire supply chain or vendor network, a vulnerability in any of your vendors’ networks could mean that the entire chain can be infected and exploited.
So, how can you protect your network?
Creating a Security Scorecard
One tool we recommend to our clients for measuring and tracking security risk is a security scorecard. A security scorecard is a risk assessment report that identifies vulnerabilities and potential vulnerabilities on the network and assigns a risk value to each. The scorecard should be regularly reviewed and kept up to date, and it should include compliance, operational, strategic, reputational, and transactional risks. It should also provide actionable information and plans for remediation to minimize risk.
With island hopping in mind, the security scorecard expands to include not just your network, but also the networks and traffic of your vendors or partners.
Managing Vendor Risk
While managing your own network is your responsibility, managing the networks of your vendors falls outside your realm of control. However, there are some ways you can protect yourself from island hopping and manage vendor risk.
- Have a strong security policy in place to protect yourself from attack.
- Review your vendors’ security policies to ensure that their security posture is strong.
- Invest in a vendor monitoring solution to continuously monitor your network and vendor traffic to detect a potential breach.
If you’d like more information, we did a deep dive into vendor risk management and the benefits of vendor monitoring solutions in another post.
Bring Attacks into the Light with Security Visibility
Security information and event management, or SIEM, has become the industry standard for event management. A SIEM system aggregates event data from multiple sources, identifies potential threats, and notifies security administrators so they can take action.
Whether your business is large or small, it’s essential to protect yourself from both direct and island hopping attacks. Learn about how our security visibility services provide insight into your risk of attack.